Sikuwa first commit
Some checks are pending
CI / Test (Python 3.10 on macos-latest) (push) Waiting to run
CI / Test (Python 3.11 on macos-latest) (push) Waiting to run
CI / Test (Python 3.12 on macos-latest) (push) Waiting to run
CI / Test (Python 3.8 on macos-latest) (push) Waiting to run
CI / Test (Python 3.9 on macos-latest) (push) Waiting to run
CI / Test (Python 3.10 on ubuntu-latest) (push) Waiting to run
CI / Test (Python 3.11 on ubuntu-latest) (push) Waiting to run
CI / Test (Python 3.12 on ubuntu-latest) (push) Waiting to run
CI / Test (Python 3.8 on ubuntu-latest) (push) Waiting to run
CI / Test (Python 3.9 on ubuntu-latest) (push) Waiting to run
CI / Test (Python 3.10 on windows-latest) (push) Waiting to run
CI / Test (Python 3.11 on windows-latest) (push) Waiting to run
CI / Test (Python 3.12 on windows-latest) (push) Waiting to run
CI / Test (Python 3.8 on windows-latest) (push) Waiting to run
CI / Test (Python 3.9 on windows-latest) (push) Waiting to run
CI / Lint (push) Waiting to run
CI / Release (push) Blocked by required conditions
Documentation / Build Documentation (push) Waiting to run
78
SECURITY.md
Normal file
@@ -0,0 +1,78 @@
|
||||
# 安全策略
|
||||
|
||||
## 支持的版本
|
||||
|
||||
以下版本目前接受安全更新:
|
||||
|
||||
| 版本 | 支持状态 |
|
||||
|:---|:---:|
|
||||
| 1.3.x | 支持 |
|
||||
| 1.2.x | 支持 |
|
||||
| < 1.2 | 不支持 |
|
||||
|
||||
## 报告漏洞
|
||||
|
||||
如果您发现安全漏洞,请按照以下步骤报告:
|
||||
|
||||
### 请勿公开报告
|
||||
|
||||
请不要通过公开的 Issue 报告安全漏洞。
|
||||
|
||||
### 报告方式
|
||||
|
||||
1. 发送邮件至安全团队
|
||||
2. 使用 GitHub/Gitee 的私密漏洞报告功能
|
||||
|
||||
### 报告内容
|
||||
|
||||
请在报告中包含以下信息:
|
||||
|
||||
- 漏洞类型
|
||||
- 受影响的版本
|
||||
- 复现步骤
|
||||
- 潜在影响
|
||||
- 建议的修复方案(如有)
|
||||
|
||||
### 响应时间
|
||||
|
||||
- 确认收到:48 小时内
|
||||
- 初步评估:7 个工作日内
|
||||
- 修复发布:根据严重程度,通常在 30 天内
|
||||
|
||||
### 漏洞披露
|
||||
|
||||
修复发布后,我们将:
|
||||
|
||||
1. 发布安全公告
|
||||
2. 更新 CHANGELOG
|
||||
3. 通知受影响用户(如适用)
|
||||
|
||||
## 安全更新
|
||||
|
||||
建议用户:
|
||||
|
||||
- 及时更新到最新版本
|
||||
- 订阅安全公告
|
||||
- 定期检查依赖项的安全更新
|
||||
|
||||
## 安全最佳实践
|
||||
|
||||
使用 Sikuwa 时的安全建议:
|
||||
|
||||
### 配置文件
|
||||
|
||||
- 不要在配置文件中存储敏感信息
|
||||
- 使用环境变量管理密钥
|
||||
- 将配置文件添加到 `.gitignore`
|
||||
|
||||
### 构建环境
|
||||
|
||||
- 使用虚拟环境隔离依赖
|
||||
- 定期更新依赖项
|
||||
- 验证第三方包的完整性
|
||||
|
||||
### 输出文件
|
||||
|
||||
- 审查生成的可执行文件
|
||||
- 使用代码签名(如适用)
|
||||
- 扫描构建产物的安全漏洞
|
||||
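Review bot: Under "### 报告方式", item 1 ("发送邮件至安全团队") tells reporters to e-mail the security team, but the file gives no address anywhere, so the only usable private channel is item 2 (the GitHub/Gitee private vulnerability report). Add the contact address next to item 1, plus a public key if the team accepts encrypted reports, or drop the item. The same gap applies to "订阅安全公告" under "## 安全更新": the file does not say where security announcements are published, so users cannot act on that advice.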