Skip to content

Security: zircote-plugins/sdlc-quality

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.x.x Yes

Reporting a Vulnerability

If you discover a security vulnerability in this plugin, please report it responsibly.

How to Report

  1. Do not open a public GitHub issue for security vulnerabilities
  2. Email: security@zircote.com (or open a private security advisory on GitHub)
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Response Timeline

  • Initial response: Within 48 hours
  • Assessment: Within 7 days
  • Fix timeline: Based on severity
Severity Target Resolution
Critical 7 days
High 30 days
Medium 90 days
Low Next release

Security Scope

This plugin provides SDLC guidance and does not execute code or handle sensitive data directly. However, security concerns may include:

  • Guidance that could lead to insecure configurations
  • Outdated security recommendations
  • Missing security best practices

Acknowledgments

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities (unless they prefer to remain anonymous).

There aren't any published security advisories