docs: add SECURITY.md
Some checks failed
Some checks failed
This commit is contained in:
31
SECURITY.md
Normal file
31
SECURITY.md
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Reporting Vulnerabilities
|
||||||
|
|
||||||
|
If you discover a security vulnerability, please report it responsibly:
|
||||||
|
|
||||||
|
1. **Do NOT** open a public issue
|
||||||
|
2. Use the **Security Report** issue template (marked confidential)
|
||||||
|
3. Or email: amundsonalexa@gmail.com
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
| Version | Supported |
|
||||||
|
|---------|-----------|
|
||||||
|
| Latest | Yes |
|
||||||
|
|
||||||
|
## Security Practices
|
||||||
|
|
||||||
|
- All SSH keys are audited regularly
|
||||||
|
- Secrets are stored in Cloudflare Worker secrets, never in code
|
||||||
|
- UFW firewall on all exposed nodes
|
||||||
|
- WireGuard encrypted mesh between all nodes
|
||||||
|
- Cloudflare Tunnels for external access (no open ports)
|
||||||
|
- Agent tokens are per-user with minimal required permissions
|
||||||
|
|
||||||
|
## Agents
|
||||||
|
|
||||||
|
Sentinel (🛡️) automatically reviews all issues and PRs for security implications.
|
||||||
|
|
||||||
|
---
|
||||||
|
*BlackRoad OS — Pave Tomorrow.*
|
||||||
Reference in New Issue
Block a user