
Security: greenpill-dev-guild/greenpill-commons

SECURITY.md

Security Policy

Overview

The Greenpill Dev Guild is dedicated to maintaining the security and privacy of our projects and user data. This document outlines our security practices and provides guidance on how to report potential vulnerabilities. We encourage everyone to responsibly disclose security vulnerabilities to help us protect our projects and our community.

Supported Versions

We currently support the latest major and minor version of each project unless otherwise specified. Older versions do not receive scheduled security updates; at most, critical issues may be patched.

Project            | Supported Version | End-of-Life Policy
Green Goods        | Latest version    | Legacy versions are unsupported; patches for critical issues only
Impact Reef        | Latest version    | Legacy versions are unsupported; patches for critical issues only
Allo Yeeter        | Latest version    | Legacy versions are unsupported; patches for critical issues only
GreenWill          | Latest version    | Legacy versions are unsupported; patches for critical issues only
Greenpill Commons  | Latest version    | Legacy versions are unsupported; patches for critical issues only

Reporting a Vulnerability

If you identify a potential security vulnerability in any of our repositories, please follow these steps. Please do not report security issues through public GitHub issues, pull requests, or discussions.

  1. Contact: Email the issue details to our security team at [[email protected]].
    • Include a detailed description of the vulnerability, the affected component(s) and version(s), and the potential impact.
    • Provide steps to reproduce the issue (a proof of concept, sample input, or affected URL) if possible.
  2. Acknowledgment: We will acknowledge receipt of your report within 3 business days and begin assessing it.
  3. Investigation and Remediation: We aim to address valid security issues promptly and will keep you updated on the status of our investigation.
    • Critical issues receive immediate attention; lower-severity vulnerabilities are addressed in due course.
  4. Responsible Disclosure: We ask that you give us a reasonable amount of time to address the issue before disclosing it publicly.

Security Measures and Best Practices

We implement the following security practices:

  • Access Control: We enforce strict access control measures to ensure only authorized contributors can modify critical repositories.
  • Dependency Management: We regularly update dependencies and run automated vulnerability scans against them.
  • Code Review: Code changes undergo peer review to identify potential vulnerabilities before merging into main branches.
  • Continuous Monitoring: We utilize GitHub security tools (e.g., Dependabot, Code Scanning) to monitor for potential vulnerabilities.
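As an added illustration of the Dependabot and Code Scanning monitoring named above (an example written for this page, not the Greenpill Dev Guild's own configuration), the two files below enable weekly Dependabot version updates and a CodeQL scan on every push and pull request. The npm ecosystem, the `main` branch name and the `javascript-typescript` language are assumptions; adjust them to the repository's actual stack. The two documents are separated by `---` only for presentation and belong in separate files under `.github/`.

```yaml
# File 1 (assumed path): .github/dependabot.yml
# Version updates: Dependabot opens PRs when newer releases of a dependency exist.
# Note: Dependabot *security* updates (PRs for advisories in the dependency graph)
# are switched on in the repository's Security settings, not in this file.
version: 2
updates:
  - package-ecosystem: "npm"          # assumption: project uses npm/yarn/pnpm (all use "npm" here)
    directory: "/"                    # location of package.json / lockfile
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
    groups:
      minor-and-patch:                # batch non-breaking bumps into one PR to keep review load manageable
        update-types: ["minor", "patch"]
  - package-ecosystem: "github-actions"  # keep CI actions pinned and current as well
    directory: "/"
    schedule:
      interval: "weekly"
---
# File 2 (assumed path): .github/workflows/codeql.yml
# Code Scanning with CodeQL; results appear under the repository's Security tab.
name: CodeQL
on:
  push:
    branches: ["main"]                # assumption: default branch is main
  pull_request:
    branches: ["main"]
  schedule:
    - cron: "0 6 * * 1"               # weekly run catches new queries even without code changes
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read                  # least privilege: read source only
      security-events: write          # required to upload SARIF results
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: "javascript-typescript"   # assumption; use a matrix for multi-language repos
      - uses: github/codeql-action/analyze@v3
```

The `permissions` block matters: without scoping, the default `GITHUB_TOKEN` grants the workflow more than it needs, and `security-events: write` is the one extra permission CodeQL actually requires to publish findings.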

Contact and Resources

If you have questions about this policy or need further information:
