| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
If you discover a security vulnerability in this project, please do not open a public GitHub issue.
Instead, report it via:
- LinkedIn: linkedin.com/in/adarsh-singh-cybersecurity
- GitHub: Open a private security advisory
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
I aim to respond within 72 hours and will keep you updated on the fix timeline.
This project implements the following security controls in the CI/CD pipeline:
| Control | Tool | Stage |
|---|---|---|
| Static Analysis (SAST) | Bandit, Semgrep, CodeQL | Pre-build |
| Dependency Scanning (SCA) | Safety, pip-audit | Pre-build |
| Secret Detection | Gitleaks | Pre-build |
| Container Scanning | Trivy | Post-build |
| Dynamic Analysis (DAST) | OWASP ZAP | Post-deploy |
| Dependency Review | GitHub Dependency Review | PR gate |