23 lines
718 B
Markdown
23 lines
718 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
| --- | --- |
|
|
| Latest project state | Yes |
|
|
|
|
## Reporting A Vulnerability
|
|
|
|
Report security issues privately to the project owner.
|
|
|
|
Do not include secrets, production data, private credentials, or unreleased exploit details in public issues.
|
|
|
|
## Project Security Principles
|
|
|
|
- Keep secrets out of the repository.
|
|
- Do not commit `.env` files, tokens, certificates, private keys, or generated credentials.
|
|
- Prefer local processing for user data.
|
|
- Document external network calls when implementation begins.
|
|
- Keep release artifacts reproducible through CI once release artifacts exist.
|
|
- Run dependency audits before releases once dependencies exist.
|