Security Policy

Supported Versions

Currently, only the latest version of Dev-Toolbox is supported with security updates.

We take the security of this project seriously. If you believe you have found a security vulnerability, please do not open a public issue. Instead, please report it via email to the project maintainers.

Security Features in Use

This project employs several security-focused Rust crates to protect sensitive information:

secrecy: Used to wrap sensitive tokens (like GitHub API tokens) to prevent accidental logging or exposure.
zeroize: Ensures that sensitive data is securely wiped from memory when it is no longer needed.
https-only: All networking through reqwest is configured to enforce HTTPS.
Token Scope Inspection: Integrated validation of GitHub token scopes (x-oauth-scopes) to warn users when broad or dangerous permissions (e.g., full repo access) are detected.

Credentials

Never commit your .env file or any other files containing real secrets. This project includes a .gitignore that excludes common secret files.

Dev-Toolbox Documentation

Security Policy

Supported Versions

Reporting a Vulnerability

Security Features in Use

Credentials