Skip to content

Security: SecurityWithAdarsh/DevSecOps-CI-CD-Pipeline

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.x ✅ Yes

Reporting a Vulnerability

If you discover a security vulnerability in this project, please do not open a public GitHub issue.

Instead, report it via:

Please include:

  1. Description of the vulnerability
  2. Steps to reproduce
  3. Potential impact
  4. Suggested fix (if any)

I aim to respond within 72 hours and will keep you updated on the fix timeline.

Security Controls in This Project

This project implements the following security controls in the CI/CD pipeline:

Control Tool Stage
Static Analysis (SAST) Bandit, Semgrep, CodeQL Pre-build
Dependency Scanning (SCA) Safety, pip-audit Pre-build
Secret Detection Gitleaks Pre-build
Container Scanning Trivy Post-build
Dynamic Analysis (DAST) OWASP ZAP Post-deploy
Dependency Review GitHub Dependency Review PR gate

There aren't any published security advisories