* Add https://github.com/mozsvcpyup as a collaborator to your repo
* Notify secops@mozilla.com to enable the integration in pyup
* Consider using ``pip list --outdated `` or [requires.io](https://requires.io/) too
* [ ] If handling cryptographic keys, must have a mechanism to handle quarterly key rotations (**APP-KEYROT**)
* Keys used to sign sessions don't need a rotation mechanism if destroying all sessions is acceptable in case of emergency.