Currently supported versions of DoNest with security updates:
| Version | Supported |
|---|---|
| 1.0.x | Yes |
| 0.0.x | Yes |
We take the security of DoNest seriously. If you believe you have found a security vulnerability, please report it to us as described below.
- Do not disclose the vulnerability publicly until it has been addressed.
- Email your findings to [INSERT-EMAIL]. Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any possible solutions you can suggest
- Initial Response: Within 48 hours
- Status Update: Within 5 business days
- Resolution Timeline: Typically within 30 days
- **Keep VS Code Updated**
  - Always use the latest version of Visual Studio Code
  - Keep the DoNest extension updated
- **Workspace Security**
  - Be cautious when opening tasks in untrusted workspaces
  - Review task content before executing associated actions
- **File Access**
  - Only allow DoNest to access necessary workspace folders
  - Review file paths when creating tasks
- **Code Review**
  - All changes must go through security review
  - Follow secure coding practices
  - Use approved VS Code APIs
- **Dependencies**
  - Keep dependencies up to date
  - Use only trusted and verified packages
  - Regular security audits using `npm audit`
- **Data Handling**
  - Minimize data storage
  - Use VS Code's secure storage APIs
  - Properly sanitize user inputs
DoNest implements several security measures:
- **Data Storage**
  - Uses VS Code's built-in secure storage
  - No external data transmission
  - Local workspace scope only
- **File Access**
  - Restricted to workspace boundaries
  - Respects VS Code's file system permissions
  - No arbitrary file system access
- **Input Validation**
  - Sanitization of user inputs
  - Path validation for file operations
  - Safe task content handling
- **Branch Protection**
  - Main branch requires review
  - Signed commits required
  - CI/CD checks mandatory
- **Release Process**
  - Version verification
  - Security scan before release
  - Changelog review
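The File Access and Input Validation measures above depend on a containment check for task-supplied paths. As an added illustration (not DoNest's own code), the following TypeScript shows the common weak prefix check beside a hardened one; it assumes the workspace root is the `workspaceFolder.uri.fsPath` string that the VS Code API provides and uses a constructed root for the demo.

```typescript
import * as path from "path";

// Constructed sample root, standing in for workspaceFolder.uri.fsPath.
export const WORKSPACE_ROOT = "/home/dev/projects/donest-demo";

/**
 * Weak check: string-prefix comparison on the resolved path.
 * It rejects plain "../" traversal, but a sibling directory whose name
 * merely starts with the root ("donest-demo-backup") passes as "inside".
 */
export function isInsideWorkspaceWeak(root: string, candidate: string): boolean {
  const resolved = path.resolve(root, candidate);
  return resolved.startsWith(path.resolve(root));
}

/**
 * Hardened check: express the target relative to the root and require that it
 * stays below it. path.relative() yields a leading ".." segment, or an absolute
 * path (different drive on Windows), exactly when the target escapes the root.
 * A file literally named "..notes.md" inside the root is still accepted.
 * This is a lexical check only; if symlinks inside the workspace matter,
 * resolve both sides with fs.realpathSync first.
 */
export function isInsideWorkspace(root: string, candidate: string): boolean {
  const absRoot = path.resolve(root);
  const resolved = path.resolve(absRoot, candidate);
  const rel = path.relative(absRoot, resolved);
  const escapes =
    rel === ".." || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel);
  return !escapes;
}

/**
 * Resolve a path taken from task content, or return null when it would leave
 * the workspace. Callers should refuse the file operation on null rather than
 * falling back to the raw string.
 */
export function resolveTaskPath(root: string, candidate: string): string | null {
  return isInsideWorkspace(root, candidate) ? path.resolve(root, candidate) : null;
}
```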
| Level | Description | Response Time |
|---|---|---|
| Critical | Immediate security risk | 24 hours |
| High | Significant vulnerability | 48 hours |
| Medium | Limited security impact | 1 week |
| Low | Minimal security risk | 2 weeks |
- **Assessment**
  - Verify report
  - Determine severity
  - Plan mitigation
- **Resolution**
  - Develop fix
  - Test solution
  - Security review
- **Deployment**
  - Release update
  - Update documentation
  - Notify users if necessary
For security concerns, contact:
- GitHub Security Tab: Security Issues
We appreciate the security research community's efforts in helping keep DoNest secure. Contributors who report valid security issues will be acknowledged in our Hall of Fame (unless they prefer to remain anonymous).
Last Updated: July 15, 2025