Security is not an on/off switch. No useful software application is truly ultimately secure. Security risk may be managed! Your company can take sensible, commercially-viable steps to avoid being in the news with an embarrassing data breach with your name on it.
Rietta has spent more than a decade developing applications with appsec as a fundamental design requirement and more than seven years applying this exclusively in the context of Ruby on Rails applications.
Keep those nasty .gitignored files like node_modules/ from clogging up fzf fuzzy finder and show commited, hidden files such as .circleci/config.