Security: vikgmdev/ship-to-live

SECURITY.md

Security

Reporting vulnerabilities in templates

If you find a security issue in any of the templates, Dockerfiles, or scripts in this repo:

  • Email vikgm.dev@gmail.com with the subject [ship-to-live security]
  • Do NOT open a public issue until it's fixed
  • I'll respond within 48 hours

About the templates

These templates are starting points. They're designed to be production-reasonable but MUST be customized for your specific use case. I've written them to be safe defaults; you are responsible for:

  • Keeping base images updated (use Dependabot or Renovate)
  • Rotating any secrets they reference
  • Hardening beyond what's shown (WAF rules, rate limits, DDoS protection per your traffic profile)
  • Compliance-specific controls (HIPAA, PCI, SOC 2) if your app needs them

About the advice

Everything in the .md files is advice drawn from my experience running production systems. It's correct for most common cases. It may not be correct for your edge case. If you're operating under specific regulations, hire actual experts in those regulations.

For professional help

Need more than the security checklist in this repo? Two options:

  • Ship-to-Live Audit ($497) — 2-hour live Zoom audit of your app + written report with prioritized security fixes. You implement.
  • Ship-to-Live Core ($1,500) — full done-for-you: I audit it, fix it, containerize it, deploy it with secrets out of git, TLS everywhere, auth hardened. 10 business days.

If you need a deeper compliance-adjacent engagement (regulated data, SOC 2, HIPAA, PCI), email vikgm.dev@gmail.com with security-deep in the subject — I'll quote a custom scope.

There aren't any published security advisories