Skip to content

Security: devkumar-projects/ProcureLens-AI

Security

SECURITY.md

Security policy

Credentials

The application never requires credentials inside source files or spreadsheets. It reads secrets from:

  1. environment variables, when present; or
  2. the operating-system keychain through keyring.

Never paste credentials into an issue, log, workbook, screenshot, or commit. Revoke any credential that was ever committed to version control, even if the commit was later deleted.

Responsible disclosure

Report security issues privately to the repository owner. Include a minimal reproduction and do not publish working exploits before a fix is available.

Scope

This project does not attempt to bypass authentication, paywalls, CAPTCHAs, access controls, rate limits, or anti-bot protections. Such bypass features are outside the project scope.

There aren't any published security advisories