Skunkworks Digital is committed to protecting the integrity and security of our codebase and the applications we build.
| Version | Status |
|---|---|
| 5.1.x | β Supported |
| 5.0.x | β No longer supported |
| 4.0.x | β Supported |
| < 4.0 | β Deprecated |
We welcome responsible disclosure of security vulnerabilities. If you discover a security issue in this repository or any of our digital assets, please follow these steps:
-
Send a detailed report to:
π§ security@skunkworks.digital -
Include the following in your report:
- Project name and affected file/endpoint
- Version (if applicable)
- Steps to reproduce the issue
- Proof-of-concept (PoC) code or screenshots
- Potential impact and suggested remediation (if available)
-
Response Time:
- β±οΈ Acknowledgement within 48 hours
- π Investigation and triage within 7 business days
- π οΈ Patch ETA will be communicated based on severity
-
Disclosure:
- Please do not disclose the vulnerability publicly before a fix is released.
- We will credit responsible reporters in our release notes unless anonymity is requested.
We follow industry best practices, including:
- Regular dependency audits
- Static and dynamic code analysis
- GitHub Code Scanning & Dependabot alerts
- 2FA and role-based access control (RBAC)
We require all maintainers to use GPG-signed commits for enhanced trust.
Your help in making Skunkworks Digital safer is highly appreciated.