Skip to content

Security: DHANUSHGCODE/AI-Powered-Anomaly-Detection-Module-for-DefectDojo-Using-Machine-Learning

Security

SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:

Version Supported
1.0.x
< 1.0

Reporting a Vulnerability

We take security bugs seriously. We appreciate your efforts to responsibly disclose your findings.

Where to Report

Please report security vulnerabilities by opening an issue in this repository with the label security.

Do not disclose the vulnerability publicly until we've had a chance to address it.

What to Include

When reporting a vulnerability, please include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Suggested fix (if any)
  • Your contact information for follow-up

Response Timeline

We will acknowledge your report within 48 hours and aim to provide a more detailed response within 7 days, including:

  • Confirmation of the issue
  • Our plan for addressing it
  • Expected timeline for a patch

Disclosure Policy

Once a security vulnerability has been patched:

  1. We will release a security advisory
  2. Credit will be given to the reporter (unless you prefer to remain anonymous)
  3. The vulnerability details will be made public after users have had time to update

Security Best Practices for Users

To ensure the security of your deployment:

  1. Keep Dependencies Updated

    pip install --upgrade -r requirements.txt
npm update

  2. Use Environment Variables for sensitive configuration

    • Never commit credentials to the repository
    • Use .env files (add to .gitignore)

  3. Enable Authentication in production deployments

    • Implement OAuth2 for user authentication
    • Use API keys for backend services

  4. Regular Security Audits

    # Python security check
pip install safety
safety check

# Node.js security check
npm audit

  5. Secure Database Configuration

    • Use strong passwords
    • Enable SSL/TLS for database connections
    • Limit database access to necessary services only

  6. Network Security

    • Use HTTPS in production
    • Configure firewalls appropriately
    • Implement rate limiting on APIs

Known Issues

Currently, there are no known security vulnerabilities. Check the Security Advisories page for updates.

Security Features

This platform includes:

  • AI-powered Anomaly Detection for identifying potential security threats
  • Real-time Log Monitoring for detecting suspicious activities
  • Threat Classification System categorizing events by severity
  • Secure API Design using FastAPI with built-in security features

Contact

For sensitive security matters, please reach out through GitHub issues with the security label.

Thank you for helping keep our project secure! 🔒

There aren’t any published security advisories