| Version | Supported |
|---|---|
| latest | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability, please report it responsibly.
Do NOT open a public issue.
Instead, please email us at: security@whitehat-bot.dev (or use GitHub Security Advisories)
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: within 48 hours
- Initial assessment: within 1 week
- Fix or mitigation: within 2 weeks (critical), 4 weeks (non-critical)
- Never commit API keys or secrets to the repository
- Use environment variables or
deepcode_config.jsonwith${ENV_VAR}references - Review
deepcode_config.json.examplefor the recommended configuration pattern - Keep dependencies updated (
pip install -U -r requirements.txt)
We use Dependabot to automatically monitor and update dependencies for known vulnerabilities.