- Block sensitive data from being committed and pushed to GitHub with git-secrets or a similar tool installed as a git pre-commit hook
- Audit the repository history for secrets that slipped through, using dedicated scanning tools
- Use environment variables for secrets in CI/CD (e.g. GitHub Secrets) and a secret manager in production
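As an added illustration of the first point (not Freyja's own hook or git-secrets itself), the script below is a minimal POSIX pre-commit hook: it extracts only the lines being added in the staged diff and blocks the commit when one of them matches a credential pattern. The patterns and the sample inputs are constructed assumptions for the example and should be tuned for the repository.

```shell
#!/bin/sh
# Minimal pre-commit secret scanner (added example, not the project's own hook).
# Install as .git/hooks/pre-commit and make it executable.

# scan_for_secrets FILE: print offending lines, return 1 if any credential-shaped
# text is found, 0 otherwise. Patterns are an illustrative, non-exhaustive list.
scan_for_secrets() {
    grep -E -n -i \
        -e 'AKIA[0-9A-Z]{16}' \
        -e '-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----' \
        -e '(password|passwd|secret|api[_-]?key)[[:space:]]*[:=][[:space:]]*.{8,}' \
        "$1" && return 1
    return 0
}

# check_staged_changes: scan only the "+" lines of the staged diff, so secrets
# already in history (handled by a separate audit) do not re-trigger the hook.
check_staged_changes() {
    tmp=$(mktemp) || return 1
    git diff --cached -U0 --diff-filter=ACM | grep '^+' | grep -v '^+++' | sed 's/^+//' > "$tmp"
    if ! scan_for_secrets "$tmp"; then
        rm -f "$tmp"
        echo "pre-commit: possible secret in staged changes; commit blocked." >&2
        echo "Move the value to an environment variable or a secret manager, then re-stage." >&2
        return 1
    fi
    rm -f "$tmp"
}

# Only act as a hook when installed under that name; sourcing the file just
# defines the functions so they can be reused or tested.
if [ "$(basename "$0")" = "pre-commit" ]; then
    check_staged_changes
fi
```

A developer who really needs to commit a flagged line can bypass the hook with `git commit --no-verify`, which is why the audit step in the next point still matters.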
Report vulnerabilities in this repository's issue tracker.
Provide proof of the vulnerability (a CVE, an analysis report, etc.).
Specify how it affects the implementation of Freyja.
You can ask for support by contacting security@opensource.thalesgroup.com.
You will receive updates on the vulnerabilities you have reported through the issue tracker.
The disclosure policy will depend on the context of the vulnerability, the proof provided to detect it, and the means implemented to remediate it.
The result will be discussed in the issue tracker.