If you discover a security vulnerability in this repository, please report it responsibly. Do not create a public issue for security vulnerabilities.
Send an email to chikwemdonald@gmail.com with a detailed description of the vulnerability.
Include steps to reproduce the issue, if possible.
Provide any relevant logs, screenshots, or code snippets.
We will acknowledge your report within 48 hours.
We will provide a timeline for addressing the issue and keep you updated on our progress.
To maintain a secure codebase, we follow these best practices:
All pull requests must be reviewed by at least one maintainer before merging.
Security-sensitive changes require review by multiple maintainers.
Dependencies are regularly updated to the latest secure versions.
We use tools like Dependabot to monitor and automate dependency updates.
Never commit sensitive information (e.g., API keys, passwords) to the repository.
Use GitHub Secrets or a secure vault for managing sensitive data.
The main branch is protected and requires:
At least one approved review.
Passing status checks (e.g., CI/CD pipelines, linting, tests).
No direct commits; all changes must go through a pull request.
Once a vulnerability is resolved, we will publish a security advisory to inform users.
The advisory will include details about the issue, the fix, and any steps users need to take.
If you report a vulnerability, we will credit you in the security advisory (unless you prefer to remain anonymous).
Code Scanning:
We use super-linter and other analysis tools to identify potential vulnerabilities in the codebase.
All code changes must pass automated tests, including security tests, before being merged.
Contributors are granted the minimum permissions necessary to perform their tasks.
In the event of a security incident:
We will investigate the issue immediately.
We will notify affected users and provide guidance on mitigating the impact.
We will document the incident and take steps to prevent similar issues in the future.
Follow secure coding practices when contributing to this repository.
Report any suspicious activity or vulnerabilities responsibly.
Stay informed about security updates by watching this repository.
For any security-related questions or concerns, please contact us at chikwemdonald@gmail.com.