🔒 We will do our best, to the extent of our knowledge, to provide maximum security when you use our open-sourced projects.
If you just want to report an issue, skip ahead to the reporting section.
⚙️ We use the following SAST tools/services in our projects to maintain their security:
| Tool / Service | Purpose | Usage |
|---|---|---|
| DeepScan | Analyzes JavaScript projects, targeting runtime errors and quality issues. | Installed GitHub App\* (DeepScan app) |
| GitGuardian | Scans source code to detect API keys, passwords, certificates, encryption keys and other sensitive data. | Installed GitHub App\* (GitGuardian app); GitHub Actions\* workflows: ci-cd\*, scheduled\* |
| Snyk | Vulnerability scanner for the project codebase. | Installed GitHub App\* (Snyk app); GitHub Actions\* workflows: ci-cd\*, scheduled\* |
To ensure that our project dependencies stay up to date and secure, we use the following tools/services:
| Tool / Service | Purpose | Usage |
|---|---|---|
| Deadpendency | Automated checks that project dependencies remain healthy over time. | Installed GitHub App\* (Deadpendency app) |
| Renovate | Automated dependency updates in projects. | Installed GitHub App\* (Renovate app) |
- GitHub Actions\*: configured as GitHub Actions workflows inside the public repositories of our GitHub organisation, in the directory ./.github/workflows.
- ci-cd\*: configured in the ./.github/workflows/ci-cd.yml workflow file. It runs on every push or pull request to the main branch.
- scheduled\*: configured in the ./.github/workflows/scheduled.yml workflow file. It runs on the main branch at a specified period (no longer than once a week).
- Installed GitHub Apps\*: the application is installed within our organisation with access to our public repositories. It runs on every push or pull request.
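To illustrate the two trigger patterns described above, here is an added example of what a ci-cd workflow using these scanners can look like; it is not the organisation's actual workflow file. The action names, input names and secret names are assumptions taken from each vendor's published GitHub Action, and the cron expression shown for the scheduled variant is a placeholder.

```yaml
# Added illustration of a ./.github/workflows/ci-cd.yml (not the organisation's real file).
name: ci-cd

# Trigger pattern from the note above: every push or pull request to main.
# The scheduled.yml variant replaces this block with a schedule trigger, e.g.:
#   on:
#     schedule:
#       - cron: '0 6 * * 1'   # placeholder: Mondays 06:00 UTC, i.e. once a week
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: the scanners only need to read the repository contents.
permissions:
  contents: read

jobs:
  secrets-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # ggshield scans commit history, so a full clone is needed
      # Assumption: GitGuardian's published action and its documented env vars.
      - uses: GitGuardian/ggshield-action@v1
        env:
          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}

  dependency-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Assumption: Snyk's published Node.js action; the token is an organisation secret.
      - uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high   # fail the job on high/critical findings only
```

Keeping the tokens in repository or organisation secrets, and restricting `permissions` to read-only, limits what a compromised dependency or action could do with the workflow's credentials.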
📟 If you have found a security issue or have any concerns or doubts regarding privacy rights, please get in touch with us.
There are two options (the first is recommended):
- Create a GitHub Security Advisory in the repository of the specific project where the security issue exists (in the Security tab/pane).
- Traditionally, via email: dev@adchitects.co.

- 🗓️ Our team should acknowledge your report within 7 days.
- 🕵️ The team will investigate and update the issue with relevant information.
- ❌ If the team does NOT confirm the report, no further action will be taken by us. We will be sure to inform you of this result.
- ✅ If the team confirms the report, the team will take action to fix it immediately:
  - Commits will be handled in a private repository for review and testing.
  - A new patch version will be released from the private repository.
  - An announcement post disclosing the vulnerability will be written.