| Version | Supported |
|---|---|
| 0.1.x | ✅ Current |

If you discover a security vulnerability in specsmith, please report it responsibly:
- Do NOT open a public issue.
- Email: support@bitconcepts.tech
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.
This policy covers:

- The `specsmith` CLI tool and its dependencies
- Generated scaffold files and templates
- CI/CD workflows and configuration files

- Dependencies are monitored by Dependabot (GitHub) and Renovate (GitLab/Bitbucket)
- CI runs `pip-audit` on every push to detect known vulnerabilities
- All agent-invoked commands enforce timeouts to prevent hung processes
- No secrets are stored in generated scaffold files