We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
https://github.com/kagenti/adk/security/advisories
- Do NOT create public GitHub issues for security vulnerabilities
- Email: Report vulnerabilities privately via GitHub Security Advisories
- Go to the Security tab and create a new advisory
- Include: A clear description of the vulnerability, steps to reproduce, and potential impact
- We will acknowledge receipt within 48 hours
- We aim to provide an initial assessment within 7 days
- We will keep you informed of our progress
- We will credit you in the security advisory (if desired)
| Version | Supported |
|---|---|
| main | ✅ |
This project implements several security controls:
- CI/CD Security: All workflows use explicit least-privilege permissions
- Dependency Scanning: Automated vulnerability scanning via Trivy and Dependabot
- Code Analysis: CodeQL with
security-extendedqueries - Supply Chain: All GitHub Actions SHA-pinned, OpenSSF Scorecard monitoring
- Pre-commit Hooks: Ruff linting and formatting checks