b41c1d2501
rename(phase 1): CapaKraken → Nexus across code, UI, docs, CI (#61) Co-authored-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com> Co-committed-by: Hartmut Nörenberg <hn@hartmut-noerenberg.com>
28 lines
886 B
Markdown
# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in Nexus, please report it responsibly.

**Do not** open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainer directly with:

1. A description of the vulnerability
2. Steps to reproduce
3. Potential impact assessment

We will acknowledge receipt within 48 hours and provide a timeline for resolution.

## Supported Versions

Only the latest version on the `main` branch receives security updates.

## Security Practices

- Dependencies are audited nightly via `pnpm audit` and on every CI run
- Authentication uses Argon2-based password hashing via Auth.js v5
- Rate limiting is enforced on all API endpoints with Redis-backed counters
- All database mutations use parameterized queries via Prisma (no raw SQL)
- Session tokens are rotated on password change