Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
MIT License

Copyright (c) 2025 NEO-SH1W4
Copyright (c) 2024 Symbeon Labs & SH1W4

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand All @@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

64 changes: 11 additions & 53 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,66 +2,24 @@

## Supported Versions

We take security seriously in DocSync. The following versions are currently supported with security updates:
Use this section to tell people about which versions of your project are
currently being supported with security updates.

| Version | Supported |
| ------- | ------------------ |
| 0.1.x | :white_check_mark: |
| 0.2.x | :white_check_mark: |
| 0.1.x | :x: |

## Reporting a Vulnerability

We appreciate responsible disclosure of security vulnerabilities. If you discover a security issue, please report it by emailing **security@docsync.dev** or by opening a private security advisory on GitHub.
We take the security of **DocSync** seriously. If you discover a vulnerability, please follow these steps:

### What to Include

Please include the following information in your security report:

1. **Description**: A clear description of the vulnerability
2. **Impact**: Potential impact and attack scenarios
3. **Reproduction**: Step-by-step instructions to reproduce the issue
4. **Environment**: Affected versions and operating systems
5. **Mitigation**: Any temporary workarounds you've identified
1. **Do NOT create a public GitHub issue.** We want to prevent zero-day exploits.
2. Send an email to **security@symbeon.com** (or contact SH1W4 directly).
3. Include a description of the vulnerability and steps to reproduce.

### Response Timeline
* We will acknowledge your report within 48 hours.
* We will provide a timeline for the fix within 1 week.

- **Initial Response**: Within 24 hours of report
- **Confirmation**: Within 72 hours
- **Resolution**: Security fixes are prioritized and typically released within 7-14 days
- **Disclosure**: Public disclosure after fix is available, coordinated with reporter

### Security Features

DocSync implements several security measures:

- **Input Validation**: All user inputs are validated and sanitized
- **Path Traversal Protection**: File system operations are restricted to authorized directories
- **Token Security**: API tokens are handled securely and never logged
- **Dependency Scanning**: Regular automated scans for vulnerable dependencies
- **Static Analysis**: Code is analyzed with Bandit and other security tools

### Security Best Practices

When using DocSync:

1. **Environment Variables**: Store sensitive tokens in environment variables, never in code
2. **File Permissions**: Ensure proper file permissions on configuration files
3. **Network Security**: Use HTTPS for all API communications
4. **Regular Updates**: Keep DocSync and its dependencies updated
5. **Audit Logs**: Monitor sync operations and access patterns

### Security Contacts

- **Security Team**: security@docsync.dev
- **Maintainer**: [NEO-SH1W4](https://github.com/NEO-SH1W4)
- **GitHub Security**: Use GitHub's private security advisory feature

### Hall of Fame

We recognize security researchers who help improve DocSync's security:

*No reports yet - be the first!*

---

**Note**: This security policy is actively maintained and may be updated. Check back regularly for changes.

Thank you for helping keep the Agentic Ecosystem safe.
Loading