Skip to content

cloudURBANE/sCAST

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,714 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Security Policy

Reporting a vulnerability

If you believe you have found a security vulnerability in ScentCast, please report it privately. Do not open a public GitHub issue for security problems.

Please include enough detail to reproduce: affected endpoint/route or component, the impact you observed, and a minimal proof of concept. Do not include live third-party credentials in the report.

Disclosure process

  • We aim to acknowledge a report within 3 business days.
  • We ask for a 90-day coordinated disclosure window from acknowledgement before public details are shared, extendable by mutual agreement while a fix is in progress.
  • We will keep you updated on remediation progress and credit you in the fix notes unless you prefer to remain anonymous.

Scope

In scope: this repository's application code — the Express API (artifacts/api-server), the SPA (artifacts/scent-cast), the shared libraries (lib/*), and the deployment infrastructure (infra/, Dockerfile, workflows).

Out of scope: findings that require a compromised admin credential, volumetric denial-of-service, and issues in third-party services we integrate with (report those to the respective vendor). The database may be a shared Supabase project — never test against production data or attempt to reach tables outside this application's schema.

Supported versions

Only the currently deployed main is supported. There are no long-term support branches.

About

Security policy

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors