Security

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in MigrateChart, please report it responsibly.

How to Report

Please do NOT open a public GitHub issue for security vulnerabilities.

Instead, please report security issues by emailing: migratechart@gmail.com

Include as much information as possible:

Description of the vulnerability
Steps to reproduce
Potential impact
Suggested fix (if any)

What to Expect

We will acknowledge receipt within 48 hours
We will investigate and provide updates on the fix timeline
Once fixed, we will credit you in the release notes (unless you prefer to remain anonymous)

Scope

This security policy applies to:

The MigrateChart web application
The Python data generator scripts
GitHub Actions workflows

Out of Scope

Third-party services (Supabase, Vercel, GeckoTerminal API)
Social engineering attacks
Denial of service attacks

Security Best Practices for Contributors

When contributing, please ensure:

Never commit API keys, secrets, or credentials
Use environment variables for sensitive configuration
Validate and sanitize user inputs
Keep dependencies updated

Thank you for helping keep MigrateChart secure!

There aren’t any published security advisories