Code-Inc/WatchLink
2
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
d5ab61c0c2b0840affd2e792e95c4a93df0d8c0e
WatchLink/SECURITY.md
MrSphay d3e84feedd
Some checks failed
Build / build (push) Failing after 1m29s
Details
Release Dry Run / release-dry-run (push) Successful in 1m24s
Details
Template Compliance / compliance (push) Failing after 5s
Details
Initial WatchLink scaffold
2026-05-15 03:11:41 +02:00

18 lines
600 B
Markdown
Raw Blame History

# Security Policy
## Supported Version
WatchLink is pre-release. Security fixes apply to the current `main` branch.
## Reporting
Report vulnerabilities privately to the repository owner. Do not open public issues for secrets, authentication bypasses, or data exposure.
## Baseline Rules
- Do not commit `.env`, tokens, private keys, certificates, or database dumps.
- Change `NEXTAUTH_SECRET` before production use.
- Use a strong Postgres password in production.
- Store Gitea registry credentials in repository or organization secrets.
- Review `docs/security-review.md` before release work.
Reference in New Issue View Git Blame Copy Permalink