Quad4-Software/Linking-Tool

Files

Sudo-Ivan add7f6e530

Update SECURITY.md to include PNPM in vulnerability scanning and add SAST tools for Go and JavaScript code.

2025-12-29 12:58:48 -06:00

685 B

Raw Blame History

Security Policy

If you have discovered a security vulnerability, please refer to our website for the latest security reporting procedures and guidelines.

Vulnerability Management

We use PNPM and OSV to scan for package vulnerabilities in our dependencies.

SAST

Gosec for Go code.
ESLint with eslint-plugin-security for JavaScript code.

Dependency and Supply Chain

All GitHub Actions used are forked and hosted on our Gitea instance, view them here https://git.quad4.io/actions.
Actions are referenced using full URLs and cryptographically pinned to specific commit hashes for enhanced supply chain security.