Security

SECURITY.md

Security Policy

Supported scope

This repository includes:

microservices and frontend code
CI/CD workflows
Kubernetes manifests
Terraform infrastructure definitions

Reporting a vulnerability

Please do not open public issues for security vulnerabilities.

Use private disclosure to repository maintainers and include:

affected component
reproduction steps
impact assessment
suggested remediation

Response model

acknowledge report within 72 hours
triage and severity classification
mitigation or patch plan
coordinated disclosure after fix

Security best practices in this project

secrets managed via environment secrets and policy metadata
branch protection and required checks enabled
IaC-driven governance for reproducible controls

There aren’t any published security advisories