diff --git a/src/content/docs/dev/servers.md b/src/content/docs/dev/servers.md index d0ad259..395410f 100644 --- a/src/content/docs/dev/servers.md +++ b/src/content/docs/dev/servers.md @@ -298,17 +298,10 @@ git clone cd /path/to/project ``` -:::tip -If you already have the project cloned, remove any ignored files such as `node_modules`, `prod`, or `coverage`. +Then sync the project up to the machine, ignoring any installed packages. ```bash -rm -rf node_modules prod coverage -``` - -Then sync the project up to the machine, ignoring the `.git` directory. - -```bash -GLOBIGNORE='.git' scp -r ./* :/home/nhcarrigan/ +rsync -av --exclude='node_modules' ./ :/home/nhcarrigan/ ``` ## 6. Running a Project diff --git a/src/content/docs/legal/security.md b/src/content/docs/legal/security.md index 38b4fbc..3996cf9 100644 --- a/src/content/docs/legal/security.md +++ b/src/content/docs/legal/security.md 
@@ -102,15 +102,35 @@ Any information you provide in your vulnerability report will be handled in acco We will treat all vulnerability reports as confidential and will not share the information beyond what is necessary to address the reported issue. -## 9. Compliance with Laws and Regulations +## 9. Proactive Measures + +In order to maintain the best possible effort to protect your data and the safety of our applications, we implement the following proactive security measures. + +### 9.1. Code Scanning + +Our projects are scanned for potential security risks and vulnerabilities using SonarQube. You can view the latest scan reports [on our dashboard](https://quality.nhcarrigan.link). + +### 9.2. Local Scanning + +We also run a weekly scan on all of our projects using local tooling: + +- Gitleaks (to detect leaked secrets and credentials) +- Grype (secondary detection for vulnerabilities in dependencies) +- Snyk (in-depth scanning of code and dependencies) +- Syft (to generate Software Bill of Materials for third-party auditors to use) +- Trivy (to detect vulnerabilities in dependencies) + +The results of these scans are found at https://security.nhcarrigan.com + +## 10. Compliance with Laws and Regulations All security research and vulnerability disclosure activities must comply with all applicable local, state, and federal laws, as well as any relevant international laws. -## 10. Policy Updates +## 11. Policy Updates We reserve the right to update or modify this Security Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website or repository. -## 11. Contact Information +## 12. Contact Information For any questions regarding this Security Policy, please contact us at `security@nhcarrigan.com`.
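Review bot: in the servers.md hunk, `rsync -av --exclude='node_modules' ./ :/home/nhcarrigan/` only skips `node_modules`, but the tip it replaces also cleaned out `prod` and `coverage`, and the old `GLOBIGNORE='.git' scp -r ./*` never copied the `.git` directory; with this change all three, including the full repository history in `.git`, now land on the server, and the new prose ("ignoring any installed packages") no longer reflects what the removed steps guarded against. Suggest `rsync -av --exclude='.git' --exclude='node_modules' --exclude='prod' --exclude='coverage' ./ :/home/nhcarrigan/`, or `--exclude='.git' --filter=':- .gitignore'` so whatever git ignores is also not uploaded. Also check the destination: as it appears here it is `:/home/nhcarrigan/` with nothing before the colon; if the markdown source carries an angle-bracket host placeholder that was dropped in rendering, fine, otherwise the reader needs `user@host:` there.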
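Review bot: in the security.md hunk, the new 9.2 sentence "The results of these scans are found at https://security.nhcarrigan.com" commits the policy to publishing the output of Gitleaks, Grype, Snyk and Trivy; consider stating what is actually published there (for example the Syft SBOMs and findings only after remediation) so the page does not promise a public feed of unremediated dependency vulnerabilities or secret-detection hits. Two smaller points: the bare URL should be a markdown link, matching the `[on our dashboard](https://quality.nhcarrigan.link)` link in 9.1, and the opening "In order to maintain the best possible effort to protect your data and the safety of our applications, we implement..." reads better as "To protect your data and the safety of our applications, we implement the following proactive security measures." Since sections 9 to 11 are renumbered to 10 to 12, any cross-references to those section numbers elsewhere in the document or site need updating too.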