Skip to content

Latest commit

 

History

History
46 lines (35 loc) · 2.32 KB

SECURITY.md

File metadata and controls

46 lines (35 loc) · 2.32 KB

Security Policy

This document describes the security policy for SpectraFit.

Supported Versions

Our current policy is to support the latest version of SpectraFit and the last two minor releases.

Security Checks

Currently, the following security checks are implemented in the CI pipelines or as third-party services:

Tool Checks Implemented as
GitHub's CodeQL Used to check for potential vulnerabilities in the code. 🛠️
Synk Used to check for known vulnerabilities in the dependencies. 🤖
SonarCloud Used to find code quality issues and potential vulnerabilities. 🤖
GitHub's Dependabot Used to check for outdated dependencies. 🤖
Pre-commit Used to check for code quality and formatting issues. 🛠️ 🤖
Codecov Used to check for coverage rate to ensure that the code is completely tested. 🛠️ 🤖

Additionally, branch protection rules are used to ensure that the code is reviewed before it is merged into the main branch.

Reporting a Vulnerability

If you find a vulnerability, please report it by opening an issue here. Please use the vulnerability template and provide as much information as possible.

Current Python vulnerabilities can be found at the 🔗GitHub's Advisory Database. See also: 🔗GitHub's Security Lab.