We are committed to maintaining the security of DevSecOps Builder. The following table outlines which versions of the project currently receive security updates:
| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |
We take the security of DevSecOps Builder seriously. If you believe you have found a security vulnerability in our project, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the issue.
-
Contact: To report a security issue, please email us at m.erdemozgen@gmail.com. This will reach our security team directly.
-
What to Include: In your report, please include a detailed explanation of the issue. Where possible, include steps to reproduce the vulnerability, its potential impact, and any possible mitigations.
-
Expectation: After submitting your report, you can expect an initial response within 48 hours. We will keep you informed of our progress as we investigate and resolve the issue.
-
Confidentiality: Please maintain confidentiality and do not publicly disclose the vulnerability until we have addressed it.
-
Recognition: Contributors who report a valid security vulnerability will be acknowledged and thanked in our project's documentation, unless they prefer to remain anonymous.
Once a reported vulnerability is confirmed, we will promptly work on a fix and release a security update. The details of the release will be published in our project's changelog.
If a reported issue is deemed not to be a vulnerability, we will provide an explanation to the reporter. If it's accepted, we will work on a resolution and acknowledge the reporter's contribution in our release notes.
We encourage the community to be involved in the security of DevSecOps Builder. If you have suggestions for improving this policy or our security practices, please feel free to contribute.
Thank you for helping keep DevSecOps Builder and its users safe.