| Version | Supported |
|---|---|
| main (latest) | ✅ |
| < 1.0.0 | |
This project follows enterprise-grade security practices:
- Trivy - Container and dependency vulnerability scanning
- Bandit - Python security linting
- Dependabot - Automated dependency updates
- Secret scanning - GitGuardian / Trivy secret detection
- Sealed Secrets - Encrypted Kubernetes secrets
- Network Policies - Pod-to-pod communication restrictions
- Pod Security Policies - Container runtime restrictions
- Rate Limiting - Traefik API gateway protection
- Pre-commit hooks - Automated security checks before commit
- CI/CD gates - Security scans in every pipeline
- Dependency pinning - Fixed versions to prevent supply chain attacks
- Least privilege - Minimal permissions for service accounts
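As an added illustration of the "Network Policies" and "Least privilege" items above (example manifests written for this page, not taken from the project's own repository), the following shows the usual pattern: a default-deny policy for the whole namespace, then narrow allows for the traffic that is actually needed. The namespace `app`, the pod labels and port 8000 are assumptions for illustration; the `kubernetes.io/metadata.name` namespace label is set automatically by Kubernetes 1.21 and later.

```yaml
# Added example (not the project's own manifests). Namespace "app",
# the labels and port below are assumptions for illustration.

# 1. Deny all ingress and egress for every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: app
spec:
  podSelector: {}          # empty selector = every pod in the namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2. Allow DNS egress, otherwise pods cannot resolve names after the deny.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: app
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 3. Allow only the Traefik gateway (in its own namespace) to reach the
#    API pods, and only on the API port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-gateway-to-api
  namespace: app
spec:
  podSelector:
    matchLabels:
      app: api               # assumed label on the API pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
          podSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
      ports:
        - protocol: TCP
          port: 8000
```

Apply with `kubectl apply -f <file>`. NetworkPolicy objects are only enforced when the cluster's CNI plugin supports them (for example Calico or Cilium); on a CNI without enforcement the objects are accepted but have no effect, which is worth checking once with a pod-to-pod connection test after rollout.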
| Metric | Status |
|---|---|
| Trivy scans | ✅ Weekly |
| Bandit scans | ✅ Pre-commit |
| Dependabot | ✅ Enabled |
| Secret detection | ✅ Active |
| Security docs | ✅ Updated |
If you discover a security vulnerability:
- DO NOT open a public issue
- DO email: leadarchitect@yandex.ru
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
We will respond within 48 hours and provide:
- Acknowledgment of receipt
- Timeline for fix
- Credit (if desired)
All security-related changes are documented in:
- `docs/security/` - Security documentation
- `docs/security/SECURITY-SCAN.md` - Scan results
- GitHub Security tab - Dependabot alerts
Last updated: May 2026