Skip to content

Security: cloudeteer/caf-terraform-landingzones

Security

SECURITY.md

Security Policy

We take the security of our project seriously and appreciate your efforts to responsibly disclose any vulnerabilities you may find. This document outlines our security policy and the steps for reporting security issues.

Supported Versions

We only support the latest rolling release available on the main branch. All security updates and patches will be applied to this branch, and we recommend all users to keep their installations up to date with the latest version from main.

Reporting a Vulnerability

If you discover a security vulnerability, please follow these steps to report it to us:

  1. Do Not Open a Public Issue: Please do not report security vulnerabilities using the public issue tracker. This helps prevent any accidental disclosure of sensitive information.

  2. Reporting via GitHub: Use the GitHub security advisories feature to report a vulnerability. Navigate to the "Security" tab in the repository and click on "Report a vulnerability". Follow the instructions to submit your report confidentially.

  3. Acknowledgment and Response: We will acknowledge receipt of your report within 72 hours and provide a timeline for a resolution. We may ask for additional information to help us understand and resolve the issue.

  4. Public Disclosure: Once the vulnerability is resolved, we will issue a security update and publicly disclose the vulnerability. We will credit the reporter unless they wish to remain anonymous.

Security Best Practices

We encourage all users and contributors to follow these security best practices:

  • Keep your software up to date with the latest security patches.
  • Use strong, unique passwords and enable two-factor authentication (2FA) on your GitHub account.
  • Be cautious when clicking on links or downloading files from untrusted sources.

Contact

If you have any questions or need further assistance, please use the GitHub issues for general inquiries.

Thank you for helping us keep our project secure!

There aren’t any published security advisories