| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability in the Agent Platform, please follow these steps:

- DO NOT create a public GitHub issue
- Email security@5dlabs.com with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes
- We will acknowledge receipt within 48 hours and provide updates on the fix timeline.

This repository has the following security measures in place:
- ✅ Push Protection: Enabled - prevents accidental commits of secrets
- ✅ Secret Scanning: Enabled - scans for known secret patterns
- ✅ Validity Checks: Enabled - verifies if detected secrets are active
- ✅ Custom Patterns: Configured for organization-specific secrets
- 🔒 Pre-commit Hooks: Local secret scanning before commits

- Never commit secrets - Use environment variables or secret management systems
- Use `.gitignore` - Ensure sensitive files are excluded
- Regular rotation - Rotate credentials regularly
- Least privilege - Grant minimal necessary permissions
- Review warnings - Take push protection warnings seriously

If you accidentally expose a secret:

- Immediately revoke the exposed credential
- Generate new credentials
- Update all systems using the credential
- Review logs for any unauthorized access
- Report the incident to security@5dlabs.com