mirror of
https://github.com/coder/code-server.git
synced 2024-11-25 18:46:00 +03:00
a9eb923790
There is a `yarn ci` script which was using audit-ci but this does not appear to be called anywhere. The security worflow uses `yarn audit` and `npm audit` which seem fine enough anyway.
1.5 KiB
1.5 KiB
Security Policy
Coder and the code-server team want to keep the code-server project secure and safe for end-users.
Tools
We use the following tools to help us stay on top of vulnerability mitigation.
- dependabot
- Submits pull requests to upgrade dependencies. We use dependabot's version upgrades as well as security updates.
- code-scanning
yarn audit
andnpm audit
- Audits Yarn/NPM dependencies.
Supported Versions
Coder sponsors the development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time.
Version | Supported |
---|---|
Latest | ✅ |
Reporting a Vulnerability
To report a vulnerability, please send an email to security[@]coder.com, and our security team will respond to you.