Security: ThalesGroup/xsmp-sdk

SECURITY.md

XSMP-SDK Security Policy

Good practices to follow

⚠️ You must never store credential information in source code or config files in a GitHub repository

  • Block sensitive data from being pushed to GitHub by running git-secrets or a similar tool as a git pre-commit hook
  • Audit for slipped secrets with dedicated tools
  • Use environment variables for secrets in CI/CD (e.g. GitHub Secrets) and secret managers in production

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
1.0.x

Reporting a Vulnerability

Vulnerabilities can be reported through the GitHub issue tracker. Once accepted, a vulnerability will be addressed as soon as possible.

Disclosure policy

Security Update policy

Security related configuration

Settings users should consider that would impact the security posture of deploying this project, such as HTTPS, authorization and many others.

Known security gaps & future enhancements

There aren’t any published security advisories