We support the latest version of this Terraform module with security updates.
| Version | Supported |
|---|---|
| 1.x.x | β |
| < 1.0 | β |
We take security vulnerabilities seriously. If you discover a security vulnerability in this Terraform module, please report it responsibly:
DO NOT create a public GitHub issue for security vulnerabilities.
Instead, please:
- Email: Send details to [security@drengskapur.com] (if available)
- GitHub Security: Use GitHub's Security Advisories
- Direct Contact: Contact the maintainers directly
When reporting a vulnerability, please include:
- Description: Clear description of the vulnerability
- Impact: Potential impact and attack scenarios
- Reproduction: Steps to reproduce the issue
- Affected Versions: Which versions are affected
- Suggested Fix: If you have ideas for a fix
- Initial Response: Within 48 hours
- Assessment: Within 1 week
- Fix Development: Depends on severity
- Public Disclosure: After fix is available
When using this module:
- Secrets Management: Never commit secrets to version control
- Least Privilege: Use minimal required permissions
- Regular Updates: Keep the module updated to latest version
- Review Changes: Review all changes before applying
- Audit Logs: Monitor GitHub audit logs for unexpected changes
This module includes several security features:
- Advanced Security: GitHub Advanced Security integration
- Secret Scanning: Automatic secret detection
- Dependabot: Automated security updates
- Signed Commits: Support for commit signing
- Branch Protection: Comprehensive protection rules
Thank you for helping keep this project secure! π