Security: whats2000/CodeBRT

SECURITY.md

Security Policy

Supported Versions

We are committed to maintaining the security of CodeBRT. Below is the list of versions currently supported with security updates:

Version Supported
0.4.5
< 0.4.5

Reporting a Vulnerability

We take the security of our project seriously. If you discover a security vulnerability within CodeBRT, please follow these steps:

  1. Do Not Publicly Disclose: Do not create a public GitHub issue for a suspected security vulnerability.

  2. Email our Security Team:

    • Send a detailed description of the vulnerability to: [[email protected]]
    • Include steps to reproduce the vulnerability
    • Provide any relevant code snippets or proof of concept

  3. What to Expect:

    • We will acknowledge receipt of your vulnerability report within 48 hours
    • Our security team will investigate and validate the report
    • You can expect an initial assessment within 5-7 business days
    • We will keep you informed about the progress of the investigation

  4. Potential Outcomes:

    • If the vulnerability is accepted:

      • We will work on a fix and create a security patch
      • You will be credited for your discovery (if you wish)
      • We may provide a bounty or recognition for significant findings
    • If the vulnerability is declined:

      • We will provide a detailed explanation
      • We'll offer guidance if the issue is not a critical security risk

  5. Responsible Disclosure:

    • We request that you give us reasonable time to address the vulnerability before any public disclosure
    • We are committed to resolving and patching security issues promptly

Security Best Practices

  • Keep your dependencies up to date
  • Use the latest version of CodeBRT
  • Report any suspicious activities or potential vulnerabilities
  • Follow our secure coding guidelines in CONTRIBUTING.md

Package Health

  • Total packages: 289
  • Current vulnerabilities: 0

Thank you for helping us maintain the security of CodeBRT.

There aren’t any published security advisories