ZanePersonal/SECURITY.md
copilot-swe-agent[bot] 7a4996c40a feat: Add testing infrastructure and documentation
- Set up Vitest for unit testing with jsdom
- Add test setup with Web Audio API and requestAnimationFrame mocks
- Create initial test suites for DOM and animations modules
- Add test scripts to package.json (test, test:ui, test:run, coverage)
- Update CI workflow to include test execution
- Create CONTRIBUTING.md with conventional commits guidelines
- Create SECURITY.md with security policy
- Update ESLint config to support test files
- All tests passing (8/8)

Co-authored-by: ZaneThePython <102631678+ZaneThePython@users.noreply.github.com>
2025-11-09 00:14:31 +00:00


# Security Policy
## Supported Versions
This is a personal website project. Only the latest commit on the `main` branch is supported; older commits receive no fixes.
| Version | Supported |
| ------- | ------------------ |
| Latest | :white_check_mark: |
| Older | :x: |
## Reporting a Vulnerability
If you discover a security vulnerability in this project, please report it responsibly:
### Email
Send details to [contact@zane.org](mailto:contact@zane.org) with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
### What to Expect
- **Acknowledgement**: within 48 hours of the report
- **Updates**: status updates while the issue is investigated and fixed
- **Fix timeline**: depends on severity and complexity
- **Disclosure**: coordinated; details are published only after the fix is deployed to the live site
### Please Do Not
- Open public issues or pull requests that describe a security vulnerability
- Exploit a vulnerability beyond what is needed for a proof of concept
- Access data that does not belong to you
- Run denial-of-service tests against the live site
## Security Measures
This project implements several security best practices:
### Code Security
- **Input handling**: the site is static and accepts no server-side input; the little client-side input it handles is sanitized before use
- **Dependencies**: regular dependency audits with `npm audit`
- **Linting**: ESLint configured to catch common coding issues that lead to security bugs
- **CSP ready**: a Content Security Policy is expected to be set as an HTTP response header by the hosting provider, since a static site cannot set response headers itself
### Build Security
- **Dependency scanning**: GitHub Dependabot enabled
- **Automated updates**: Dependabot security updates automatically open pull requests to patch vulnerable dependencies
- **CI/CD**: CI runs lint, test and build checks on every change
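The dependency audit and the CI checks above are only a gate if the audit result actually fails the build. The script below is an added example, not part of this repository, of how such a gate can be written for `npm audit --json` output: it fails on advisories at or above a chosen severity, ignores string entries in `via` (which would otherwise count one advisory twice), and supports a time-limited accepted-risk list so a known finding can be waived without silencing it forever. The report shape follows npm's `auditReportVersion: 2` format; the package names, advisory URLs and allowlist entry are constructed placeholders.

```javascript
// Added example (not ZanePersonal's own code): a CI gate over `npm audit --json`.
// Usage:  npm audit --json > audit.json && node audit-gate.js audit.json
// Run without an argument it evaluates the constructed SAMPLE_REPORT below.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Hypothetical accepted-risk list. Entries are keyed by advisory URL and carry an
// expiry so an accepted risk is revisited instead of being silenced for good.
const ALLOWLIST = [
  {
    url: 'https://github.com/advisories/GHSA-xxxx-example-0001', // placeholder, not a real advisory
    reason: 'dev-only dependency, not present in the built site',
    expires: '2026-06-30',
  },
];

// Constructed sample shaped like npm's auditReportVersion 2 output (npm 7+).
// Package names and advisory URLs are placeholders.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-transitive-lib': {
      name: 'example-transitive-lib', severity: 'high', isDirect: false,
      via: [{ source: 1, name: 'example-transitive-lib', title: 'Prototype pollution (sample)',
              url: 'https://github.com/advisories/GHSA-xxxx-example-0001', severity: 'high', range: '<2.0.0' }],
      effects: ['example-build-tool'], range: '<2.0.0', nodes: ['node_modules/example-transitive-lib'], fixAvailable: true,
    },
    'example-build-tool': {
      name: 'example-build-tool', severity: 'high', isDirect: true,
      via: ['example-transitive-lib'], // a string means "vulnerable only through that entry"
      effects: [], range: '*', nodes: ['node_modules/example-build-tool'], fixAvailable: true,
    },
    'example-polyfill': {
      name: 'example-polyfill', severity: 'low', isDirect: true,
      via: [{ source: 2, name: 'example-polyfill', title: 'ReDoS (sample)',
              url: 'https://github.com/advisories/GHSA-xxxx-example-0002', severity: 'low', range: '<1.3.0' }],
      effects: [], range: '<1.3.0', nodes: ['node_modules/example-polyfill'], fixAvailable: true,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 2, critical: 0, total: 3 } },
};

// Flatten the report into one record per concrete advisory. Object entries in
// `via` are advisories; string entries only point at another vulnerable package,
// so counting them would report the same advisory twice.
function collectAdvisories(report) {
  const found = [];
  for (const [pkg, vuln] of Object.entries(report.vulnerabilities || {})) {
    for (const via of vuln.via || []) {
      if (typeof via !== 'object' || via === null) continue;
      found.push({ package: pkg, severity: via.severity, url: via.url, title: via.title,
                   isDirect: Boolean(vuln.isDirect), fixAvailable: Boolean(vuln.fixAvailable) });
    }
  }
  return found;
}

// An allowlist entry only counts while it has not expired.
function isAccepted(advisory, allowlist, now) {
  const entry = allowlist.find((a) => a.url === advisory.url);
  return Boolean(entry) && new Date(entry.expires).getTime() > now.getTime();
}

// Decide whether the build should fail. An advisory with an unknown severity
// fails closed: SEVERITY_RANK[...] is undefined, the `<` comparison is false,
// and the advisory is treated as blocking.
function evaluateAudit(report, { failOn = 'high', allowlist = [], now = new Date() } = {}) {
  const threshold = SEVERITY_RANK[failOn];
  if (threshold === undefined) throw new Error(`unknown failOn level: ${failOn}`);
  const blocking = [];
  const accepted = [];
  for (const adv of collectAdvisories(report)) {
    if (SEVERITY_RANK[adv.severity] < threshold) continue;
    (isAccepted(adv, allowlist, now) ? accepted : blocking).push(adv);
  }
  return { fail: blocking.length > 0, blocking, accepted };
}

if (typeof require !== 'undefined' && require.main === module) {
  const file = process.argv[2];
  const report = file ? JSON.parse(require('node:fs').readFileSync(file, 'utf8')) : SAMPLE_REPORT;
  const result = evaluateAudit(report, { allowlist: ALLOWLIST });
  for (const a of result.accepted) console.log(`accepted  ${a.severity.padEnd(8)} ${a.package}  ${a.url}`);
  for (const a of result.blocking) console.log(`BLOCKING  ${a.severity.padEnd(8)} ${a.package}  ${a.url}`);
  console.log(result.fail ? 'audit gate: FAIL' : 'audit gate: PASS');
  if (file) process.exitCode = result.fail ? 1 : 0; // only gate on a real report, not the sample
}
```

`npm audit --audit-level=high` already exits non-zero on its own; the value of a wrapper like this is the expiring allowlist and the fact that the accepted risks are listed in the build log on every run rather than hidden in a flag.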
### Best Practices
- No sensitive data in repository
- No API keys or credentials in code
- HTTPS enforced on live site
- Regular dependency updates
- Minimal external dependencies
## Known Limitations
As a static personal website:
- No backend or database
- No user authentication
- No data collection or storage
- Minimal attack surface
## Security Updates
Security fixes are released as soon as possible after discovery. Check the [CHANGELOG](CHANGELOG.md) for security-related updates.
---
*Last updated: November 2025*