We provide security updates for the following versions of our templates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take security seriously and appreciate your efforts to responsibly disclose any vulnerabilities you find.
Please report security vulnerabilities by emailing our security team at security@example.com.
Do not create a public GitHub issue for security vulnerabilities.
When reporting a vulnerability, please include:
- A description of the vulnerability
- Steps to reproduce the issue
- Impact of the vulnerability
- Any potential mitigations
- Your contact information

After you report a vulnerability:
- We will acknowledge receipt of your report within 48 hours
- We will keep you informed about the progress of the fix
- We will credit you in our security advisories (unless you prefer to remain anonymous)

Security updates are released as patch versions (e.g., 1.0.0 → 1.0.1). We recommend always using the latest version of our templates.
- Keep your dependencies up to date
- Regularly review security advisories for your stack
- Use dependency scanning tools
- Follow the principle of least privilege
- Never include secrets or sensitive data in templates
- Use environment variables for configuration
- Keep dependencies up to date
- Follow secure coding practices
- Use security linters and scanners

We conduct regular security audits of our codebase and dependencies. Third-party security audits are performed annually.
We use Dependabot to monitor for vulnerable dependencies. All dependencies are regularly scanned for known vulnerabilities.
- Design Phase: Security requirements and threat modeling
- Development: Secure coding practices and peer reviews
- Testing: Security testing and vulnerability scanning
- Deployment: Secure configuration and access controls
- Monitoring: Continuous security monitoring and incident response

In case of a security incident:
- Our security team will investigate the report
- We will develop and test a fix
- We will release a security update
- We will publish a security advisory

Security advisories are published on our GitHub Security Advisories page.
We follow responsible disclosure guidelines. Please allow us reasonable time to address security issues before public disclosure.
- Security Team: security@example.com
- PGP Key: [Link to PGP key]