We actively maintain and provide security updates for the following:

| Project | Supported |
|---|---|
| All active ops4life repositories | ✅ |
We take security seriously. If you discover a security vulnerability in any ops4life project, please report it responsibly.

- Do NOT open a public issue for security vulnerabilities
- Use GitHub Private Vulnerability Reporting
- Or contact the maintainers directly via GitHub

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Affected project(s) and version(s)
- Potential impact
- Suggested fix (if any)

| Action | Timeframe |
|---|---|
| Initial response | 48 hours |
| Status update | 7 days |
| Fix timeline | Depends on severity |

We appreciate responsible disclosure. Contributors who report valid security issues will be:

- Credited in the security advisory (unless anonymity is preferred)
- Thanked publicly in release notes

When contributing to ops4life projects:

- ✅ Never commit secrets, API keys, or credentials
- ✅ Never hardcode sensitive information
- ✅ Use environment variables for secrets
- ✅ Follow least privilege principles
- ✅ Keep dependencies updated

The following automated security tooling is used across ops4life repositories:

| Tool | Purpose |
|---|---|
| Gitleaks | Secret scanning |
| CodeQL | Code vulnerability analysis |
| Dependabot | Dependency updates |
| Trivy | Container scanning |

For general security questions, open a discussion in the Q&A category.