This repository follows best practices to ensure the security and integrity of OpenTofu modules. Please review the following guidelines when reporting security concerns.
We actively maintain and provide security updates for the following versions:
| Version | Supported | Notes |
|---|---|---|
| Latest (main) | ✅ Yes | Actively maintained and reviewed |
| Previous release | ✅ Yes | Security patches only |
| Older releases | ❌ No | Users should upgrade |
If you're using an unsupported version, please consider upgrading to the latest release.
If you discover a security issue, please follow these steps:
- Open an issue as a Bug.
- Include:
  - A detailed description of the vulnerability.
  - Steps to reproduce the issue.
  - The potential impact.
  - Any mitigation strategies you suggest.
- We will acknowledge your report within 48 hours and provide updates on resolution.
To maintain the security of this repository, we enforce the following:
- ✅ Pre-commit security scans using `trivy`.
- ✅ Code reviews by CODEOWNERS before merging.
- ✅ Automated tests to detect misconfigurations.
- ✅ Least privilege principles when defining IAM policies.
- ✅ Semantic versioning to manage security patches.
We appreciate responsible disclosure of vulnerabilities and will credit contributors who report security issues following ethical guidelines.
If you have any concerns, feel free to reach out privately before making any public disclosures.
Thank you for helping us keep this project secure!