The following versions of Git Onboard are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability within Git Onboard, please send an email to security@1bitcode.com. All security vulnerabilities will be promptly addressed.

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if any)

Response timeline:

- Initial response: Within 48 hours
- Status update: Within 1 week
- Resolution: As soon as possible, typically within 2 weeks

Disclosure policy:

- Security vulnerabilities will be disclosed via GitHub Security Advisories
- Patches will be released as soon as possible
- Credit will be given to reporters who wish to be acknowledged

When using Git Onboard:

- Keep your SSH keys secure - Never share your private SSH keys
- Use HTTPS for sensitive repositories - Consider using HTTPS instead of SSH for very sensitive projects
- Review .gitignore carefully - Ensure sensitive files are properly ignored
- Update regularly - Keep Git Onboard updated to the latest version
- Monitor logs - Check the log file for any suspicious activity

Git Onboard includes several security features:

- No external dependencies - Reduces attack surface
- Local processing only - No data sent to external services
- Secure file handling - Proper file permissions and cleanup
- Input validation - All user inputs are validated
- Error handling - Secure error messages that don't leak sensitive information

For security-related issues, please contact:

- Email: security@1bitcode.com
- GitHub: Create a private security advisory