Skip to content

Security: RiversideValley/Emerald

Security

.github/SECURITY.md

πŸ” Security Policy

This is our policy for reporting security vulnerabilities and overall guidelines on what you should do upon discovering one! πŸ˜„

πŸ“ This document also outlines the measures we have put in to prevent security vulnerabilities in the first place.

πŸ˜‡ Reporting Security Vulnerabilities

Please use the GitHub Security Advisory "Report a Vulnerability" tab! πŸ˜…

In order to report a security vulnerability, you can use GitHub's built-in tool which easily allows you to calculate an attack vector/CVSS string or attribute to an existing CVE code. This allows us to accurately calculate the severity and/or importance of preventing it.

πŸ•΅οΈ Spotting secrets in code

If you spot a secret in the code, please let us know by contacting us. This helps us quietly remove the vulnerability without letting others abuse it. If you notice that we've accidentally published an app credential file or removed it from the .gitignore in the project root, please notify us.

ℹ️ Our Measures

What have we done to keep the app safe?

πŸ€– Dependabot

We have implemented Dependabot alerts to automatically track security vulnerabilities that apply to the repository's dependencies.

πŸ” Code scanning

We have enabled GitHub Code Scanning to automatically scan our code for potential GitHub client secrets and other API tokens.

πŸ›‘οΈ Security advisories

We have enabled GitHub security advisories to let us know if a potential security problem might affect our repository or if something doesn't look right with any of our other security vulnerability countermeasures. This makes it easy to track potential errors or problems that might expose user credentials publicly or cause other similar problems.

There aren’t any published security advisories