docs: wrap security policy prose
14
SECURITY.md
@@ -18,8 +18,8 @@ Report security concerns privately to the repository maintainer. Include as much
|
|||||||
- the potential impact;
|
- the potential impact;
|
||||||
- any suggested fix or mitigation, if you have one.
|
- any suggested fix or mitigation, if you have one.
|
||||||
|
|
||||||
You can expect a best-effort response acknowledging the report, followed by validation and a fix when
|
You can expect a best-effort response acknowledging the report, followed by validation and a fix
|
||||||
the issue is reproducible and in scope.
|
when the issue is reproducible and in scope.
|
||||||
|
|
||||||
## Security Scope
|
## Security Scope
|
||||||
|
|
||||||
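Review bot: safe to merge as whitespace-only; the break simply moves from after "when" to before it ("... followed by validation and a fix / when the issue is reproducible and in scope.") and the sentence reads identically on both sides, with no list items or headings altered. One style point: keep reflow-only commits like this one separate from wording changes to SECURITY.md, as the "docs: wrap security policy prose" subject already does, so that `git blame` on the policy text continues to point at the commit that actually changed its meaning.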
@@ -48,17 +48,17 @@ The following are generally out of scope unless they expose a direct application
|
|||||||
## Operational Notes
|
## Operational Notes
|
||||||
|
|
||||||
This application is designed to be self-hosted and local-first. If you deploy it beyond a private
|
This application is designed to be self-hosted and local-first. If you deploy it beyond a private
|
||||||
local environment, you are responsible for the surrounding production controls, including TLS, network
|
local environment, you are responsible for the surrounding production controls, including TLS,
|
||||||
access, backups, secrets management, reverse proxy configuration, logging retention, and dependency
|
network access, backups, secrets management, reverse proxy configuration, logging retention, and
|
||||||
monitoring.
|
dependency monitoring.
|
||||||
|
|
||||||
Use a strong `PLAYBACK_PROXY_SECRET` if playback proxy token signing is enabled. Do not commit real
|
Use a strong `PLAYBACK_PROXY_SECRET` if playback proxy token signing is enabled. Do not commit real
|
||||||
secrets, provider tokens, session data, or production databases to the repository.
|
secrets, provider tokens, session data, or production databases to the repository.
|
||||||
|
|
||||||
## Dependency Security
|
## Dependency Security
|
||||||
|
|
||||||
Dependencies are managed through Go modules and Bun. When updating dependencies, run the normal local
|
Dependencies are managed through Go modules and Bun. When updating dependencies, run the normal
|
||||||
checks before merging:
|
local checks before merging:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
just check
|
just check
|
||||||
|
|||||||