SECURITY.md
Security Policy

Supported Versions

Only the latest major release (x.y.z where x is the major release) is supported.

Reporting a Vulnerability

To report a security vulnerability, please email [email protected]

Steps We Have Taken To Ensure the Security of this Project

The security of this project is very important to us. Here are some of the steps we have taken to ensure your security.

  • 2FA - All repositories in the LM organization require two-factor authentication for all contributors.
  • OSSF Scorecard - We have enabled the OSSF Scorecard action on the GitHub mirror of this project and implemented all recommendations.
  • OSSF Security Best Practices - We have walked through the OSSF best practices self certification.
  • CodeQL - We have enabled CodeQL, which is a high-quality SAST scanner targeted at detecting vulnerabilities with low false positive rates.
  • Protected Branches and Code Reviews - All commits to main (following initial release) require a merge request with code review.
  • Renovate Bot - This repository is configured with Renovate to ensure we are always up to date with our upstream dependencies.
  • SBOM - This project publishes a CycloneDX-compatible SBOM with each release. It is available under the releases page.