The following versions of RVToolsMerge are currently supported with security updates:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
RVToolsMerge uses the following security features and practices:
-
GitHub Advanced Security:
- CodeQL Analysis for automated code scanning
- Dependency Review to catch vulnerabilities in dependencies
- Secret Scanning to prevent credential leaks
- Dependabot security updates
-
Data Protection Features:
- Comprehensive anonymization of sensitive infrastructure data:
- VM names
- DNS names
- IP addresses
- Cluster names
- Host names
- Datacenter names
- Consistent anonymization that preserves data relationships
- Option to include only mandatory columns to limit data exposure
- No storage of sensitive information in memory longer than necessary
- Comprehensive anonymization of sensitive infrastructure data:
-
Additional Security Measures:
- Regular vulnerability scanning of NuGet packages
- License compliance monitoring
- Regular security patches via Dependabot
-
Development Practices:
- Secure coding guidelines
- Regular code reviews
- Automated testing
We take the security of RVToolsMerge seriously. We appreciate your efforts to responsibly disclose your findings.
If you believe you've found a security vulnerability in RVToolsMerge, please follow these steps:
- Do not disclose the vulnerability publicly
- Submit the report through one of these channels:
- Submit a security advisory on GitHub
- Email us at [email protected]
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any recommended remediation
- Whether you want to be credited
- We'll acknowledge receipt of your report within 48 hours
- We'll provide a timeline for a fix and release
- We'll keep you updated on our progress
- After the vulnerability is fixed and released, we'll publicly acknowledge your responsible disclosure (if you wish)
Thank you for helping keep RVToolsMerge and our users safe!