Skip to content

Latest commit

 

History

History
30 lines (20 loc) · 1.34 KB

SECURITY.md

File metadata and controls

30 lines (20 loc) · 1.34 KB

Security Policy

We take information security and our users' trust very seriously. If you believe you have found a security issue in jmisb, please responsibly disclose it by contacting us at [email protected].

The jmisb project has implemented several measures to help identify and assess potential security risks as early as possible in the development lifecycle.

Vulnerability Scans

OWASP's Dependency-Check tool is used to detect publicly disclosed vulnerabilities in jmisb's dependencies. This check is performed by a GitHub Action on each commit to the develop branch.

Static Analysis

GitHub's CodeQL static analysis tool is used to analyze jmisb's source code for errors that may lead to vulnerabilities. The CodeQL analysis is also performed by a GitHub Action on each commit to the develop branch.

Software Bill of Materials (SBOM)

CycloneDX is used to generate a software bill of materials (SBOM) identifying all components within jmisb. The SBOM can be used by clients to analyze and monitor their software supply chain risks.

Fuzzing

Fuzz testing using JQF is used to find implementation bugs using malformed data injection. See api/fuzzing.md for usage details.