Security: Tridention/Accellens

.github/SECURITY.md

Security Policy

Supported Versions

We actively support the following versions with security updates:

Version Supported
1.0.x
< 1.0

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:

1. Do NOT create a public issue

Important: Do not open a public GitHub issue for security vulnerabilities. This could expose the vulnerability to malicious actors.

2. Report privately

Please report security vulnerabilities privately using one of the following methods:

  • Email: security@tridention.com
  • GitHub Security Advisory: Use the "Report a vulnerability" button on the repository's Security tab
  • Private communication: Contact the maintainers directly

3. What to include

When reporting a vulnerability, please include:

  • Description: Clear description of the vulnerability
  • Impact: Potential impact of the vulnerability
  • Steps to reproduce: Detailed steps to reproduce the issue
  • Affected versions: Which versions are affected
  • Suggested fix: If you have suggestions for fixing the issue

4. Response timeline

  • Initial response: Within 48 hours
  • Status update: Within 7 days
  • Resolution: As soon as possible, typically within 30 days

5. What to expect

  • We will acknowledge receipt of your report within 48 hours
  • We will provide regular updates on the status of the vulnerability
  • We will work with you to understand and resolve the issue
  • We will credit you in the security advisory (if you wish)

6. Disclosure policy

  • We will not disclose the vulnerability publicly until a fix is available
  • We will coordinate with you on the disclosure timeline
  • We will credit you in the security advisory and release notes

Security Best Practices

For Contributors

  • Do not commit secrets, API keys, or credentials
  • Use environment variables for sensitive configuration
  • Follow secure coding practices (see docs/development/coding-standards.md)
  • Report security issues privately

For Users

  • Keep your dependencies up to date
  • Use strong authentication
  • Follow security best practices for your environment
  • Report security issues promptly

Security Features

  • Dependabot: Automated dependency updates and security alerts
  • CodeQL: Static code analysis for security vulnerabilities
  • Secret Scanning: Automatic detection of secrets in code
  • Security Advisories: Public disclosure of security issues

Additional Resources

Contact

For security-related questions or concerns, please contact:


Thank you for helping keep Accellens and our users safe!
