Only the latest version of the AWS GraphQL API is actively maintained and receives security updates.

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

- AWS IAM Authentication
- Non-root Docker container execution
- Input validation through GraphQL schema
- Dependencies regularly updated and monitored
- Automated security scanning in CI/CD
We take security vulnerabilities seriously. If you discover a security issue, please bring it to our attention right away:
- DO NOT open a public GitHub issue.
- Submit your report privately via email to [SECURITY CONTACT EMAIL]
- Include detailed steps to reproduce the vulnerability
- Expect an initial response within 48 hours
When deploying this API:

- AWS IAM
  - Use the principle of least privilege
  - Regularly rotate AWS credentials
  - Use IAM roles instead of access keys when possible
- Docker Security
  - Keep base images updated
  - Never run containers as root
  - Use Docker content trust
- API Security
  - Enable AWS CloudTrail logging
  - Monitor API usage with CloudWatch
  - Implement rate limiting at the API Gateway level
We use pnpm with lockfiles to ensure dependency consistency and security:

- Dependencies are automatically updated via Dependabot
- Security advisories are monitored
- Vulnerability patches are applied promptly

- Security issues will be patched as quickly as possible
- Updates will be released as patch versions
- Users will be notified through GitHub releases
- Critical vulnerabilities will be communicated directly to users who have starred/watched the repository