| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email the maintainers directly or use GitHub's private vulnerability reporting feature
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes (optional)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Resolution Timeline: Depends on severity
  - Critical: 24-48 hours
  - High: 7 days
  - Medium: 30 days
  - Low: 90 days
EVE Gatekeeper implements the following security measures:
- Rate limiting (configurable, default 100 req/min)
- Request size limits (10MB default)
- Security headers (CSP, X-Frame-Options, etc.)
- CORS configuration
- API key authentication
- EVE SSO OAuth2 integration (for ESI)
- No sensitive data stored (ESI tokens are ephemeral)
- Input validation via Pydantic
- SQL injection prevention via SQLAlchemy ORM
- Non-root Docker container
- Health checks for orchestration
- Dependency scanning in CI/CD
- Always use HTTPS in production
- Change default secrets (SECRET_KEY in .env)
- Enable rate limiting for public deployments
- Use PostgreSQL instead of SQLite for production
- Keep dependencies updated (`pip-audit` runs in CI)
- Monitor logs for suspicious activity
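A pre-deployment check for the items in this list, added here as an example and not EVE Gatekeeper's own code: it parses a `.env` file and flags a placeholder or weak `SECRET_KEY`, a non-PostgreSQL database URL, disabled rate limiting, and a non-HTTPS public URL. Only `SECRET_KEY` is named on this page; `DATABASE_URL`, `RATE_LIMIT_ENABLED` and `PUBLIC_BASE_URL` are assumed variable names.

```python
"""Pre-deployment check for the hardening checklist above.

Added example, not EVE Gatekeeper's own code. Only SECRET_KEY is named on the
page; the other variable names are assumptions to map to the real .env keys.
"""
import math
from collections import Counter
from urllib.parse import urlparse

# Placeholder secrets a fresh checkout might ship with (constructed list).
PLACEHOLDER_SECRETS = {"changeme", "secret", "dev", "your-secret-key"}


def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser: skips blanks and comments, strips quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env


def bits_per_char(s: str) -> float:
    """Shannon entropy estimate per character; 0.0 for empty or repeated input."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def check_production_settings(env: dict) -> list:
    """Return findings for the checklist; an empty list means all checks passed."""
    findings = []
    secret = env.get("SECRET_KEY", "")
    if not secret or secret.lower() in PLACEHOLDER_SECRETS:
        findings.append("SECRET_KEY is unset or still a placeholder")
    elif len(secret) < 32 or bits_per_char(secret) < 3.0:
        findings.append("SECRET_KEY is short or low-entropy; use 32+ random chars")
    db_scheme = urlparse(env.get("DATABASE_URL", "")).scheme.split("+")[0]
    if db_scheme not in {"postgresql", "postgres"}:
        findings.append("DATABASE_URL is not PostgreSQL; SQLite is for development only")
    if env.get("RATE_LIMIT_ENABLED", "").lower() not in {"1", "true", "yes"}:
        findings.append("rate limiting is disabled on a public deployment")
    if urlparse(env.get("PUBLIC_BASE_URL", "")).scheme != "https":
        findings.append("PUBLIC_BASE_URL is not https")
    return findings
```

The entropy threshold is a heuristic: a 32-character random hex or base64 value passes, a repeated or dictionary-style value does not.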
We use automated tools to monitor dependencies:
- `pip-audit` in CI pipeline
- Dependabot alerts (when enabled)
- Regular dependency updates
- We follow responsible disclosure practices
- Security fixes are released as soon as possible
- Public disclosure occurs after patches are available
- Credit is given to reporters (unless anonymity is requested)
For security concerns, contact the repository maintainers through GitHub.