At asadatik.dev, the security of my portfolio repository is a top priority. This document outlines the security practices for the repository and gives clear guidelines for reporting security vulnerabilities. Maintaining a secure environment protects the integrity of my work and helps build trust with the community exploring the projects.
If you discover a security vulnerability in the asadatik.dev repository, I encourage you to report it promptly. Although the repository is public, I follow clear guidelines for handling vulnerability reports so that they are tracked and resolved in an orderly way.
You can report a security vulnerability by opening an issue in the repository's issue tracker. Please use the security issue template provided so that all the details needed to reproduce and assess the problem are included. Note that issues are public: anything you post there is visible to everyone as soon as it is filed.
I will review all reported issues as promptly as possible. My commitment is to acknowledge the report within 48 hours. After that, I will provide updates on remediation efforts and any timelines for fixing the vulnerability.
To ensure the security of the asadatik.dev repository, I follow a set of best practices in managing dependencies, commits, and code contributions. Below are some of the key practices I follow:
Before adding or updating dependencies in the repository, I follow these steps to ensure security:
- Version Check: Ensure the dependency version is compatible with the projects in the repository.
- Vulnerability Check: Check the exact version being added against known-vulnerability databases (for example the GitHub Advisory Database or OSV) before it is committed, and repeat the check when the version is bumped.
- Project Activity: Confirm that the dependency is actively maintained and updated.
- Quality Assurance: Evaluate the dependency based on community feedback and performance metrics.
All commits made to the asadatik.dev repository are GPG signed so that anyone who clones it can verify that each commit was authored with my key (for example with `git log --show-signature` or `git verify-commit`). Signing does not by itself block an unauthorized push; its value is that a commit without a good signature from my key stands out immediately, so unsigned or badly signed commits should be treated as suspect.
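The following script is an added example, not code from the asadatik.dev repository, showing how a reader can audit a branch for commits that lack a good, trusted signature. It consumes the output of `git log --format='%G? %H %s'`, where `%G?` is git's one-letter signature status; the sample log embedded in the script is constructed for the example, and its hashes and subjects are made up.

```shell
#!/bin/sh
# Added example, not code from the asadatik.dev repository: audit the signature
# status of a branch and flag every commit that is not carrying a good, trusted
# signature.
#
# In a real clone the input is produced with:
#   git log --format='%G? %H %s' main | check_signatures
# where %G? is git's one-letter signature status:
#   G good and trusted   U good but untrusted key   B bad signature
#   X/Y expired sig/key  R revoked key              E cannot be checked
#   N not signed

# check_signatures: reads "<status> <hash> <subject>" lines on stdin, prints
# one UNVERIFIED line per commit whose status is not G, and returns 1 if any
# such commit was seen (0 otherwise).
check_signatures() {
  bad=0
  while IFS=' ' read -r status hash subject; do
    [ -z "$status" ] && continue
    case "$status" in
      G) ;;   # good signature from a key in the trust database: accept
      *) bad=$((bad + 1))
         printf 'UNVERIFIED status=%s %s %s\n' "$status" "$hash" "$subject" ;;
    esac
  done
  if [ "$bad" -gt 0 ]; then return 1; fi
  return 0
}

# Constructed sample of `git log --format='%G? %H %s'` output; the hashes and
# subjects are made up for this example.
SAMPLE_LOG='G 1a2b3c4d5e6f7a8b Add project card component
N 5e6f7a8b9c0d1e2f Fix typo in README
U 9c0d1e2f3a4b5c6d Bump dependency versions
B 3f4a5b6c7d8e9f0a Update hero section'

# count_unverified: number of commits in the sample that fail the check.
count_unverified() {
  printf '%s\n' "$SAMPLE_LOG" | check_signatures | grep -c '^UNVERIFIED'
}

# Demonstration when run directly: lists the three unverified sample commits.
printf '%s\n' "$SAMPLE_LOG" | check_signatures || echo "signature audit failed"
```

Only status `G` is accepted: a `U` result means the signature is valid but the key is not trusted in the verifier's keyring, which is exactly the case to investigate when a repository claims a single, known signer.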
Although only I contribute to the repository, I conduct thorough code reviews to ensure that no security vulnerabilities are introduced into the projects. Code reviews are especially critical when implementing new features or making changes to core components.
I adhere to established secure coding standards and best practices to minimize the risk of security vulnerabilities in the codebase.
Given that the repository is public but only I can contribute to it, it's important to enforce appropriate access control and monitoring:
The repository is publicly accessible, but only I, Md Asaduzzaman Atik, am allowed to contribute to it. Public users can explore, copy, and learn from the content, but they cannot directly modify the repository.
I regularly monitor activity within the repository for any unusual or potentially malicious behavior. Although contributions are restricted to me, I keep track of public issues and discussions to address security concerns and potential vulnerabilities raised by others.
Thank you for your interest in my portfolio repository asadatik.dev. By reporting vulnerabilities and adhering to security best practices, you help maintain a secure environment and ensure the integrity of my work. Your cooperation is essential in fostering a safe and secure space for learning, development, and growth.
Should you notice any vulnerabilities or security-related issues, please feel free to open an issue, and I will address it accordingly.