# Security Policy

This document describes the security policy for SpectraFit.

## Supported Versions

Our current policy is to support the latest version of SpectraFit and the last two minor releases.
## Security Checks

Currently, the following security checks are implemented in the CI pipelines or run as third-party services:

| Tool | Checks | Implemented as |
|---|---|---|
| GitHub's CodeQL | Used to check for potential vulnerabilities in the code. | |
| Snyk | Used to check for known vulnerabilities in the dependencies. | |
| SonarCloud | Used to find code quality issues and potential vulnerabilities. | |
| GitHub's Dependabot | Used to check for outdated dependencies. | |
| Pre-commit | Used to check for code quality and formatting issues. | |
| Codecov | Used to measure test coverage so that the code is fully tested. | |

Additionally, branch protection rules ensure that code is reviewed before it is merged into the main branch.
## Reporting a Vulnerability

If you find a vulnerability, please report it by opening an issue here. Please use the vulnerability template and provide as much information as possible.

Current Python vulnerabilities can be found in GitHub's Advisory Database. See also: GitHub's Security Lab.