Skip to content

Security: cver-me/serviti

Security

SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities for the latest version only. Users should always run the latest version for security updates.

Reporting a Vulnerability

If you discover a security vulnerability within Serviti, please send an email to security@serviti.app. All security vulnerabilities will be promptly addressed.

Please do not publicly disclose the vulnerability until we have had a chance to address it.

Security Practices

This project follows several security best practices:

  1. No hardcoded secrets: All sensitive information should be stored in environment variables
  2. Dependency management: Regular updates and security scans of dependencies
  3. Authentication: Secure user authentication using industry-standard libraries
  4. Data protection: All sensitive data is stored server-side, never in client-side code
  5. Secure communications: All data transmission uses HTTPS encryption

Environment Variables

Never commit environment variables containing secrets to the repository. The following files are ignored by git:

  • .env.local
  • .env.development.local
  • .env.test.local
  • .env.production.local

Code Review Process

All code changes are reviewed for security implications before merging. Particular attention is paid to:

  • Input validation and sanitization
  • Authentication and authorization checks
  • Data handling and storage practices
  • Dependency updates

Deployment Security

For production deployments, ensure:

  1. All environment variables are properly configured
  2. HTTPS is enabled
  3. Regular backups are performed
  4. Access logs are monitored
  5. Dependencies are kept up to date

There aren't any published security advisories