Skip to content

Security: luispinto-commercetools/commercetools-connector

Security

SECURITY.md

Security Policy

Introduction

The commercetools Connector, developed by fulfillmenttools, is designed to run on the commercetools Connect integration framework. This connector serves as a foundational application for integrating commercetools Composable Commerce projects and fulfillmenttools OMS.

Security

In accordance with posted requirements, the fulfillmenttools connector has undergone the commercetools certification process and has been approved prior to public lease. Specific security requirements are part of this process, including a defined timeline for resolution of reported critical and high vulnerabilities.

While the process certifies the connector, it does not substitute the need to conduct further, ongoing and personalized testing of your holistic product where you utilize this connector. The nature of vulnerabilities in software is that the security landscape changes all the time and continuous scanning is necessary.

No Liability and Indemnification

The use of the fulfillmenttools connector comes with no warranty. It is completely the responsibility of those who download and use the code to take the necessary precautions to utilize the connector in a way that is safe and secure. The code is provided "as is”, without any representations or warranties of any kind, either expressed or implied.

You agree to release, indemnify, and hold fulfillmenttools and its affiliates and subsidiaries, and their officers, directors, employees and agents, harmless from and against any third party claims, liabilities, damages, losses, and expenses. Your continued use of the product constitutes your acceptance of these terms.

Responsible Disclosure

Researchers and users of any type are welcome to identify potential security issues and submit them as pull requests against the Github repository for consideration. Depending on the veracity of the finding, fulfillmenttools, in their sole discretion, may choose to compensate the reporter with a reward commensurate to the severity of the finding. Submission of a finding does not guarantee a reward. You may also email us at opensource@fulfillmenttools.com.

Subject to Change

This security policy is subject to change at any time. Notification of an update to this security policy will be communicated via a commit to the fulfillmenttools connector repository. Your continued use of the product constitutes acceptance of any changes.

There aren’t any published security advisories