Skip to content

Security: zsxh1990/automatic-potato

SECURITY.md

Security Policy

Supported Versions

Version Supported
latest
< 1.0

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly.

Do NOT open a public issue.

Instead, please email us at: security@whitehat-bot.dev (or use GitHub Security Advisories)

What to include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response timeline

  • Acknowledgment: within 48 hours
  • Initial assessment: within 1 week
  • Fix or mitigation: within 2 weeks (critical), 4 weeks (non-critical)

Security Best Practices for Users

  • Never commit API keys or secrets to the repository
  • Use environment variables or deepcode_config.json with ${ENV_VAR} references
  • Review deepcode_config.json.example for the recommended configuration pattern
  • Keep dependencies updated (pip install -U -r requirements.txt)

Dependency Security

We use Dependabot to automatically monitor and update dependencies for known vulnerabilities.

There aren't any published security advisories