PreflightOps is designed to help teams identify risky production changes before deployment.
Because it may process operational metadata, Terraform plans, Kubernetes manifests, service catalogs, and change requests, users should treat inputs carefully.
PreflightOps is currently in early development.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
Please report security issues privately.
If this project is hosted on GitHub, use GitHub Security Advisories when available.
Otherwise, contact the maintainer directly.
Do not open public issues for vulnerabilities involving:
- credential exposure;
- secret handling;
- unsafe parsing;
- command execution;
- sensitive report output;
- workflow permission abuse.
Do not paste real secrets into PreflightOps.
Avoid uploading:
- API keys
- tokens
- passwords
- private keys
- kubeconfigs
- cloud credentials
- customer data
- internal URLs
- incident data with confidential details
Terraform plans and Kubernetes manifests can contain sensitive values. Review before sharing or committing them.
PreflightOps currently:
- runs locally;
- does not require a database;
- does not call external APIs;
- does not send data to AI services;
- does not require authentication;
- produces local Markdown and JSON reports.
This makes it simple to audit, but it also means users are responsible for controlling where input files and reports are stored.
The example GitHub Action requests:
permissions:
contents: read
pull-requests: writeThis is needed to read repository content and comment on pull requests.
If you do not need PR comments, remove pull-requests: write.
- Run PreflightOps on sanitized examples first.
- Avoid committing generated reports if they contain sensitive information.
- Review Terraform plans before storing them in the repository.
- Avoid using production secrets in Kubernetes examples.
- Prefer placeholder values in documentation and tests.