| Version | Supported |
|---|---|
| 1.1.x | ✅ Yes |
| 1.0.x | ✅ Yes |

We take security seriously! If you discover a security vulnerability in this project, please report it responsibly.

- DO NOT open a public GitHub issue for security vulnerabilities
- Instead, email us at: security@dubsopenhub.com
- Or use GitHub's private vulnerability reporting

Please provide as much of the following as possible:

- Description of the vulnerability
- Steps to reproduce
- 💥 Potential impact
- 💡 Suggested fix (if you have one)

In return, you can expect:

- ⏱️ Acknowledgment within 48 hours
- Assessment within 1 week
- 🛠️ Fix or mitigation as quickly as possible
- Credit in the release notes (unless you prefer anonymity)

This repository has the following GitHub security features configured:

| Feature | Status | Notes |
|---|---|---|
| ✅ Dependabot Alerts | Enabled | Monitors dependencies for known vulnerabilities |
| ✅ Dependabot Security Updates | Enabled | Auto-creates PRs to fix vulnerable dependencies |
| Secret Scanning | Available when public | Detects accidentally committed secrets |
| Secret Scanning Push Protection | Available when public | Blocks pushes containing secrets |
| Code Scanning (CodeQL) | Available when public | Static analysis for security bugs |

💡 Note: Secret scanning, push protection, and CodeQL code scanning are automatically enabled when this repository is made public. For private repos, these features require GitHub Advanced Security.

Since this is a Copilot CLI skill (no runtime code, only markdown instructions), the primary security considerations are:

- No secrets in skill files: SKILL.md and agent.md should never contain API keys, tokens, or credentials
- Safe instructions: skill instructions should never instruct the agent to bypass security controls
- Dependency awareness: if dependencies are added in the future, keep them updated

This project is licensed under the MIT License.