Skip to content

Security: tgilabs/workway-docs

SECURITY.md

Global Security Policy

Introduction

This document outlines the global security policy for all repositories, projects, and members participating in the TeGriAi Labs GitHub organization. This policy aims to define the security measures and protocols designed to protect our intellectual property and sensitive information.

Scope

This policy applies to all members, contributors, maintainers, and any third-party services integrated into the TeGriAi Labs GitHub organization.

Responsibilities

  • Organization Owners and Administrators: Responsible for managing access controls, reviewing security logs, and enforcing the security policy.
  • Project Maintainers: Ensure that the project follows this Global Security Policy and any associated project-specific security guidelines.
  • Contributors: Must adhere to this Global Security Policy and any security measures project maintainers implement.

Access Control

  1. Two-Factor Authentication (2FA): Enabling 2FA is mandatory for all members with push, pull, or administrative access to repositories.
  2. Minimum Access Principle: Members should be given the least amount of access—read, write, or admin—needed to accomplish their tasks.

Code Review

  1. All pull requests must undergo a security review by a maintainer before merging.
  2. At least two maintainers must review any changes to security configurations or sensitive areas of the codebase.

Data Protection

  1. Sensitive information, including but not limited to API keys and credentials, should never be stored in a repository.
  2. Use environment variables to handle sensitive information in code.

Incident Response

  1. Any detected vulnerability or security incident must be reported immediately to the organization owners and administrators.
  2. a hotfix should be implemented and deployed as soon as possible for critical vulnerabilities.

Third-Party Services

Before integrating any third-party services or libraries, the project maintainers must review and approve their security features and settings.

Audit

  1. Periodic security audits will be conducted on random repositories.
  2. Audit results will be shared with project maintainers, who are expected to address any identified issues promptly.

Enforcement

Failure to adhere to this Global Security Policy may result in removal from the TeGriAi Labs GitHub organization and further legal action if warranted.

Revision and Updates

This Global Security Policy will be reviewed and updated annually or as needed to reflect any changes in security practices or requirements.

There aren’t any published security advisories