We actively support the following versions of Annie documentation:
| Version | Supported |
|---|---|
| Latest | ✅ |
| Main | ✅ |
We take security seriously. If you discover a security vulnerability in the Annie documentation repository, please follow these steps:
DO NOT open a public issue for security vulnerabilities.
Instead, please:
- Email us directly at: [email protected]
- Use GitHub Security Advisories: Go to the Security tab and click "Report a vulnerability"
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if you have one)
- Your contact information for follow-up
- Initial response: Within 48 hours
- Status update: Within 7 days
- Resolution timeline: Depends on severity, typically 14-30 days
Our documentation repository implements:
- Automated security scanning with CodeQL
- Dependency vulnerability checking with safety and bandit
- Regular security updates via automated workflows
- Access controls on repository settings and secrets
We appreciate security researchers who help keep our documentation safe. With your permission, we'll acknowledge your contribution in:
- Repository security advisories
- Project documentation
- Security hall of fame (if applicable)
When contributing to this repository:
- Keep dependencies updated - Use the automated dependency update PRs
- Follow secure coding practices - Scripts are scanned with bandit and semgrep
- Don't commit secrets - Use environment variables and GitHub secrets
- Review security warnings - Address any CodeQL findings
Thank you for helping keep the Annie documentation secure! 🛡️