This policy outlines the security measures and best practices to ensure the integrity and safety of our GitHub repository.
Collaborator Access: Only trusted individuals should be given collaborator access.
Two-Factor Authentication (2FA): Enforce the use of 2FA for all collaborators.
All changes must go through a pull request and be approved by at least one collaborator other than the author before being merged into the main branch.
Enable and regularly review automated security features such as Dependabot alerts and GitHub security advisories to identify vulnerable dependencies. Address identified vulnerabilities promptly.
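Dependabot alerts and security updates are switched on in the repository settings, while scheduled version-update pull requests are driven by a `.github/dependabot.yml` file. The configuration below is an added example, not a file from this repository; the ecosystems (npm and GitHub Actions), the root directory and the weekly schedule are assumptions to adapt to the project.

```yaml
# .github/dependabot.yml (added example; ecosystems, directory and schedule are assumptions)
version: 2
updates:
  # Keep application dependencies current so advisories are picked up by a PR, not by hand.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
  # Workflow actions are dependencies too; pin and update them the same way.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Each update lands as a pull request, so it passes through the same review and status-check gates as any other change.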
Protect the main branch to prevent direct pushes. Require status checks to pass before merging pull requests.
Never commit sensitive data, such as passwords, API keys, or private keys, directly into the repository. Store them as GitHub Actions secrets or in environment variables and read them at runtime.
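A policy line is easy to forget at commit time, so a local check that scans the staged diff for credential-shaped strings is worth having. The script below is an added example, not part of this repository: it parses a unified diff, looks only at added lines, and reports the file and line of any match. The regular expressions are illustrative heuristics (AWS access key IDs, GitHub tokens, PEM private-key headers, and quoted `password`/`api_key`/`secret`/`token` assignments), not an exhaustive list, and the sample diff is constructed for the demonstration.

```python
import re
import subprocess
import sys

# Heuristic credential patterns. These are assumptions for this example, not a
# complete or official list; tune them for the project.
SECRET_PATTERNS = {
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "Private key block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"
    ),
    # e.g. DB_PASSWORD = "correct-horse-battery"; no leading \b so that
    # names such as DB_PASSWORD or X-API-KEY are still caught.
    "Generic assignment": re.compile(
        r"(?i)(?:password|passwd|api[_-]?key|secret|token)\s*[:=]\s*['\"][^'\"\s]{8,}['\"]"
    ),
}

# Unified-diff hunk header; group 1 is the first line number in the new file.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_diff(diff_text):
    """Return (path, new_line_number, label) for each added line that matches a pattern."""
    findings = []
    path = None
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):          # new-side file header
            path = raw[4:].strip()
            if path.startswith("b/"):
                path = path[2:]
            continue
        if raw.startswith("--- "):          # old-side file header
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("+"):             # added line: the only content we check
            content = raw[1:]
            for label, pattern in SECRET_PATTERNS.items():
                if pattern.search(content):
                    findings.append((path, new_line, label))
            new_line += 1
        elif raw.startswith("-"):           # removed line: not in the new tree
            continue
        elif raw.startswith("\\"):          # "\ No newline at end of file"
            continue
        else:                               # context line or non-hunk header
            new_line += 1
    return findings


def scan_staged():
    """Scan the staged changes of the current repository (requires git)."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "--no-color"],
        check=True, capture_output=True, text=True,
    ).stdout
    return scan_diff(diff)


# Constructed sample diff: one hard-coded password, one AWS key, one safe
# environment lookup, and a private key added as a new file.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "correct-horse-battery"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+API_KEY = os.environ.get("API_KEY")
 DEBUG = False
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAA
"""


if __name__ == "__main__":
    hits = scan_staged()
    for path, line, label in hits:
        print(f"{path}:{line}: possible {label}")
    if hits:
        print("Commit blocked: remove the secret and load it from an environment "
              "variable or a GitHub Actions secret instead.", file=sys.stderr)
        sys.exit(1)
```

Run as `.git/hooks/pre-commit` (made executable) so a match aborts the commit; on the constructed sample, `scan_diff(SAMPLE_DIFF)` flags `config.py` lines 2 and 3 and `deploy/id_rsa` line 1, and leaves the `os.environ.get` lookup alone. A hook is a convenience for the committer, not a control: pair it with server-side secret scanning and treat any credential that does reach the repository as compromised and rotate it.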
Have a plan in place for responding to security incidents, such as a detected breach or vulnerability.
Ensure all collaborators are aware of this policy and have received basic security awareness training. This policy is a baseline: add to or modify it to fit the specifics of the project, and consult a security professional when in doubt.
The following versions are supported with security fixes:

| Version | Supported |
|---|---|
| < 1.0.x | ✅ |