pqs

Platform Quality and Security Workstream

The PQS workstream is dedicated to the assessment, maintenance and enhancements to security and quality of the Mojaloop platform, encompassing connectivity to participating DFSPs (including transactions) and the security of hub operator portals, and of the Mojaloop Open source codebase and related artefacts.

Business Justification

This ensures the Mojaloop platform quality & security is maintained; vulnerability management is done and mitigations planned. Working with adopters, community members to improve security and quality incrementally. Provide features to support compliance and address gaps.

Contributors

Workstream Lead	Contributors
Sam Kummary	Juan Correa Devarsh Shah Shuchita Prakash Shashi Hirugade

Latest Update (Summary)

The team is working toward a year-end release candidate of 17.2.0, focusing on security hardening, dependency updates, and CI reliability. AI-powered tooling is now generating automated PRs for dependency updates across Mojaloop’s internal packages, significantly reducing manual workload. The Finance Portal requires a more comprehensive rewrite due to outdated technology. The workstream also assessed the Mojaloop IAC sandbox against the new QA Framework.

Applicability

This version of this document relates to Mojaloop Version 17.1.0

Document History

Version	Date	Author	Detail
1.1	4th December 2025	Paul Makin	Added latest update
1.0	25th November 2025	Paul Makin	Initial version