Security: bmarshall511/forexflow

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
latest

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

  1. Do NOT open a public GitHub issue.
  2. Email the maintainer directly or use GitHub's private vulnerability reporting.
  3. Include a description of the vulnerability, steps to reproduce, and potential impact.
  4. You will receive a response within 48 hours acknowledging the report.

Security Measures

  • All API keys and tokens are encrypted at rest (AES-256-GCM).
  • Environment secrets are never committed to the repository.
  • TradingView webhook ingestion validates source IPs.
  • Dependency vulnerabilities are monitored via Renovate and pnpm audit.

There aren't any published security advisories