feat: update security policy with new scanning tools (#49)

Reviewed-on: https://codeberg.org/nhcarrigan/docs/pulls/49
Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Co-committed-by: Naomi Carrigan <commits@nhcarrigan.com>
Naomi Carrigan 2024-12-27 02:50:09 +00:00 committed by Naomi the Technomancer
parent 6fc0695aad
commit e81471daff
2 changed files with 25 additions and 12 deletions


@ -298,17 +298,10 @@ git clone <url>
cd /path/to/project cd /path/to/project
``` ```
:::tip Then sync the project up to the machine, ignoring any installed packages.
If you already have the project cloned, remove any ignored files such as `node_modules`, `prod`, or `coverage`.
```bash ```bash
rm -rf node_modules prod coverage <other directories and files> rsync -av --exclude='node_modules' ./ <server name>:/home/nhcarrigan/<project directory>
```
Then sync the project up to the machine, ignoring the `.git` directory.
```bash
GLOBIGNORE='.git' scp -r ./* <server name>:/home/nhcarrigan/<project directory>
``` ```
## 6. Running a Project ## 6. Running a Project
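Review bot: The replacement `rsync -av --exclude='node_modules' ./ <server name>:/home/nhcarrigan/<project directory>` drops two safeguards the removed text had. The old tip told the reader to delete `prod` and `coverage` before copying, and the old `GLOBIGNORE='.git' scp -r ./*` command kept the `.git` directory off the server; the new command excludes only `node_modules`, so `.git`, `prod` and `coverage` (with whatever local build output or history they contain) are now synced to the machine. Suggest `rsync -av --exclude='.git' --exclude='node_modules' --exclude='prod' --exclude='coverage' ./ <server name>:/home/nhcarrigan/<project directory>`, or `--filter=':- .gitignore'` so the exclusions follow the repository's own ignore rules, and updating the sentence above the command to say what is excluded rather than only "any installed packages".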


@ -102,15 +102,35 @@ Any information you provide in your vulnerability report will be handled in acco
We will treat all vulnerability reports as confidential and will not share the information beyond what is necessary to address the reported issue. We will treat all vulnerability reports as confidential and will not share the information beyond what is necessary to address the reported issue.
## 9. Compliance with Laws and Regulations ## 9. Proactive Measures
In order to maintain the best possible effort to protect your data and the safety of our applications, we implement the following proactive security measures.
### 9.1. Code Scanning
Our projects are scanned for potential security risks and vulnerabilities using SonarQube. You can view the latest scan reports [on our dashboard](https://quality.nhcarrigan.link).
### 9.2. Local Scanning
We also run a weekly scan on all of our projects using local tooling:
- Gitleaks (to detect leaked secrets and credentials)
- Grype (secondary detection for vulnerabilities in dependencies)
- Snyk (in-depth scanning of code and dependencies)
- Syft (to generate Software Bill of Materials for third-party auditors to use)
- Trivy (to detect vulnerabilities in dependencies)
The results of these scans are found at https://security.nhcarrigan.com
## 10. Compliance with Laws and Regulations
All security research and vulnerability disclosure activities must comply with all applicable local, state, and federal laws, as well as any relevant international laws. All security research and vulnerability disclosure activities must comply with all applicable local, state, and federal laws, as well as any relevant international laws.
## 10. Policy Updates ## 11. Policy Updates
We reserve the right to update or modify this Security Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website or repository. We reserve the right to update or modify this Security Policy at any time. Any changes will be effective immediately upon posting the updated policy on our website or repository.
## 11. Contact Information ## 12. Contact Information
For any questions regarding this Security Policy, please contact us at `security@nhcarrigan.com`. For any questions regarding this Security Policy, please contact us at `security@nhcarrigan.com`.
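Review bot: In the new 9.2 section, the line `The results of these scans are found at https://security.nhcarrigan.com` is a bare URL with no terminal period, while 9.1 uses a markdown link (`[on our dashboard](https://quality.nhcarrigan.link)`); suggest `The results of these scans are published [on our security page](https://security.nhcarrigan.com).` for consistency. Two smaller documentation points: 9.1 states no cadence for the SonarQube scans although 9.2 says the local scans are weekly, so a reader cannot tell how current the dashboard is; and the Syft bullet would be clearer as "to generate a Software Bill of Materials (SBOM) for third-party auditors to use".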