ZanePersonal/SECURITY.md
copilot-swe-agent[bot] 7a4996c40a feat: Add testing infrastructure and documentation
- Set up Vitest for unit testing with jsdom
- Add test setup with Web Audio API and requestAnimationFrame mocks
- Create initial test suites for DOM and animations modules
- Add test scripts to package.json (test, test:ui, test:run, coverage)
- Update CI workflow to include test execution
- Create CONTRIBUTING.md with conventional commits guidelines
- Create SECURITY.md with security policy
- Update ESLint config to support test files
- All tests passing (8/8)

Co-authored-by: ZaneThePython <102631678+ZaneThePython@users.noreply.github.com>
2025-11-09 00:14:31 +00:00

Security Policy

Supported Versions

This is a personal website project. The latest version on the main branch is always supported.

Version   Supported
Latest    Yes
Older     No

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly:

Email

Send details to contact@zane.org with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

What to Expect

  • Response time: Within 48 hours
  • Updates: Regular communication about the issue
  • Fix timeline: Depends on severity and complexity
  • Disclosure: Coordinated disclosure after fix is deployed

Please Do Not

  • Create public issues for security vulnerabilities
  • Exploit vulnerabilities beyond proof-of-concept
  • Access data that doesn't belong to you
  • Perform DoS attacks

Security Measures

This project implements several security best practices:

Code Security

  • Input Sanitization: All user input is sanitized (minimal, since the site is static and accepts little input)
  • Dependencies: Regular security audits via npm audit
  • Linting: ESLint configured to catch common security issues
  • CSP Ready: Content Security Policy headers can be added by the hosting provider

Build Security

  • Dependency Scanning: GitHub Dependabot enabled
  • Automated Updates: Security patches applied automatically
  • CI/CD: All code passes linting and build checks

Best Practices

  • No sensitive data in repository
  • No API keys or credentials in code
  • HTTPS enforced on live site
  • Regular dependency updates
  • Minimal external dependencies

Known Limitations

As a static personal website:

  • No backend or database
  • No user authentication
  • No data collection or storage
  • Minimal attack surface

Security Updates

Security fixes are released as soon as possible after discovery. Check the CHANGELOG for security-related updates.

Last updated: November 2024