Only the latest major release (x.y.z, where x is the major release) is supported.
To report a security vulnerability, please email [email protected]
The security of this project is very important to us. Here are some of the steps we have taken to ensure your security.
- 2FA - All repositories in the LM organization require two-factor authentication for all contributors.
- OSSF Scorecard - We have enabled the OSSF Scorecard action on the GitHub mirror of this project and implemented all recommendations.
- - We have walked through the OSSF best practices self-certification.
- - We have enabled CodeQL, which is a high-quality SAST scanner targeted at detecting vulnerabilities with low false positive rates.
- Protected Branches and Code Reviews - All commits to main (following initial release) require a merge request with code review.
- Renovate Bot - This repository is configured with Renovate to ensure we are always up to date with our upstream dependencies.
- SBOM - This project publishes a CycloneDX-compatible SBOM with each release. It is available under the releases page.