
Commit c4e3600

1 parent cbaf784 commit c4e3600

3 files changed

Lines changed: 64 additions & 0 deletions


Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
name: Security Scan
2+
3+
on:
4+
push:
5+
branches:
6+
- "**"
7+
pull_request:
8+
9+
jobs:
10+
secret-scan:
11+
runs-on: ubuntu-latest
12+
permissions:
13+
contents: read
14+
steps:
15+
- name: Checkout
16+
uses: actions/checkout@v4
17+
with:
18+
fetch-depth: 0
19+
20+
- name: Run Gitleaks
21+
uses: gitleaks/gitleaks-action@v2
22+
env:
23+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
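Review bot: Both actions in this workflow are pinned to mutable major-version tags (`uses: actions/checkout@v4` and `uses: gitleaks/gitleaks-action@v2`); for a job whose purpose is to catch leaked secrets, pin each to a full commit SHA (keeping the tag in a trailing comment) so that a retagged release cannot silently change what runs in this job. A comment above `fetch-depth: 0` would also help: that setting is what lets Gitleaks scan the full history rather than only the checked-out tree, so it should not be removed later to speed up checkout. Finally, the gitleaks-action v2 README documents a `GITLEAKS_LICENSE` secret for organization-owned repositories; if this repository belongs to an organization, the step will fail until that secret is provided alongside `GITHUB_TOKEN`.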

.gitignore

Lines changed: 16 additions & 0 deletions
@@ -6,6 +6,22 @@ target/
66
# Runtime artifacts
77
data/
88

9+
# Secrets and local credentials
10+
.env
11+
.env.*
12+
!.env.example
13+
*.pem
14+
*.key
15+
*.p12
16+
*.pfx
17+
*.jks
18+
*.keystore
19+
*.crt
20+
*.cer
21+
*.der
22+
secrets/
23+
credentials/
24+
925
# IDE
1026
.idea/
1127
.vscode/
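Review bot: The `*.crt`, `*.cer` and `*.der` patterns ignore public certificate material rather than secrets; a CA bundle or a pinned server certificate the project intends to ship would be silently left out of commits, so consider dropping those three patterns or scoping them to a directory. Two caveats belong in a comment next to `# Secrets and local credentials`: `.gitignore` only stops untracked files from being staged, so a `.env` or `*.pem` committed before this change stays tracked (and in history) until it is removed with `git rm --cached` and the credential is rotated; and none of these rules block `git add -f`, so the Gitleaks scan added in the same commit remains the actual control. The `!.env.example` negation is correctly placed after `.env.*`.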

SECURITY.md

Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
This repository currently supports security fixes on the `main` branch.
6+
7+
## Reporting a Vulnerability
8+
9+
If you discover a security issue, please do **not** open a public issue.
10+
11+
Instead:
12+
1. Email the maintainer directly (or use GitHub private security reporting if enabled).
13+
2. Include clear reproduction steps, affected files/paths, and impact.
14+
3. Share any proof-of-concept in a safe, non-destructive format.
15+
16+
You can expect:
17+
- Initial acknowledgement within 3 business days.
18+
- Triage and severity assessment as quickly as possible.
19+
- Coordinated disclosure once a fix is available.
20+
21+
## Secure Development Notes
22+
23+
- Never commit secrets, tokens, private keys, or `.env` files.
24+
- Use local environment variables for credentials.
25+
- Generated build artifacts (`bin/`, `target/`, `*.class`) should stay out of version control.
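Review bot: Step 1 under "Reporting a Vulnerability" says to "Email the maintainer directly" but gives no address, and "GitHub private security reporting if enabled" leaves the reporter to discover whether it is; state the actual contact (an email address, with a PGP key if one is used, or the repository's Security advisories link) and enable private vulnerability reporting so the policy matches what is available. "Supported Versions" names only `main`, so it would help to say whether tagged releases receive fixes or whether users are expected to track `main`. The "Secure Development Notes" bullets line up with the `.gitignore` changes in this commit except for `bin/`, which does not appear in the visible `.gitignore` hunk; confirm it is ignored elsewhere in that file.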
