Before any commit/push activity, all code MUST be audited to ensure:
-
Adherence to security best practices
- No hardcoded credentials or secrets
- Secure file permissions where applicable
- Proper input validation and sanitization
- Safe handling of sensitive data
-
Prevention of unintended exposure
- Scripts should not create world-readable files containing sensitive data
- Temporary files should be securely deleted
- Output locations should be clearly documented
-
Risk disclosure
- If a tool inherently handles sensitive data, it MUST:
- Warn users before execution
- Document what sensitive data is involved
- Provide clear guidance on secure usage
- Offer secure alternatives where possible
- If a tool inherently handles sensitive data, it MUST:
- Always provide both convenience and secure versions
- Default to secure permissions (600) for output files
- Warn about sensitive data inclusion
- Document secure storage and deletion practices
- Never store credentials in scripts
- Use environment variables or secure prompts for secrets
- Document any security implications in README
- Provide secure usage examples
If you discover a security vulnerability in any of these tools:
- Do NOT open a public issue
- Contact the repository owner directly
- Provide details about the vulnerability
- Suggest fixes if possible
Before submitting code:
- No hardcoded credentials
- Secure file permissions implemented
- Sensitive data handling documented
- Security warnings added where needed
- Secure deletion practices documented
- README updated with security notes