| Version | Supported |
|---|---|
| Latest | β Yes |
| < Latest | β No |
Do NOT create a public GitHub issue for security vulnerabilities.
Please email: CaputoDav@gmail.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Timeframe | Action |
|---|---|
| 24 hours | Acknowledgment |
| 72 hours | Initial assessment |
| 7 days | Status update |
| 30 days | Resolution target |
- Never commit credentials to version control
- Use environment variables for Jamf API credentials
- Keep dependencies updated
- Run with minimum required privileges
# β Bad - Hardcoded credentials
JAMF_USER="admin"
JAMF_PASS="password123"
# β
Good - Environment variables
JAMF_USER="${JAMF_API_USER}"
JAMF_PASS="${JAMF_API_PASSWORD}"- Jamf API credentials stored securely
- Script run with
sudoonly when necessary - Logs reviewed for sensitive data exposure
- Test in dry-run mode before production
Thank you for helping keep this project secure! π