Security Policy

Supported Versions

| Version | Support Status |
|---------|----------------|
| 1.0.x | Current stable release; accepts security reports and prioritizes fixes |
| 0.2.x | No longer maintained |
| 0.1.x | No longer maintained |

Security fixes are backported to the latest stable major version. Pre-release versions (alpha/beta/rc) only receive fixes in the latest RC.

Reporting a Vulnerability

If you discover a security vulnerability, please report it privately via the following method instead of opening a public issue:

  • Email: security@autoship.dev

Please include in your report:

  • A description of the vulnerability and the scope of its impact
  • Reproduction steps or a minimal reproduction example
  • Affected versions
  • Possible fix suggestions (if any)

We commit to acknowledging receipt within 5 business days and will fix and release an update as soon as possible after assessment.

Security Design

AutoShip-CLI adopts the following security measures:

  • Local-first: Uses local models and local toolchains by default to avoid uploading code to the cloud.
  • Credential management: Sensitive information is not written to logs; using environment variables or the system keyring is recommended.
  • Plugin sandbox: Plugins run through the hook mechanism, following the principle of least privilege.
  • Audit logs: Key operations are recorded in audit logs for traceability.
  • Security scanning: CI integrates bandit and pip-audit to continuously detect code and dependency vulnerabilities.

Known Limitations

  • Local model communication uses HTTP (such as Ollama's default port); please ensure the runtime environment is trusted.
  • Plugins can execute system commands; please review the source when installing third-party plugins.

Security Audit History

2026-06-19 Internal Security Review (before v1.0.0 release)

| Check Item | Tool/Method | Result |
|------------|-------------|--------|
| Static Application Security Testing (SAST) | bandit | No High/Medium issues |
| Dependency vulnerability scanning | pip-audit | No known unfixed vulnerabilities |
| Secret leak detection | gitleaks (CI) | No historical secret leaks found |
| Sensitive field redaction | Unit tests + manual review | Audit logs, telemetry, and error output are redacted |
| Plugin permission model | Code review | Permission declarations are minimized; high-risk operations require user confirmation |
| Path traversal & file permissions | Unit tests + fuzz testing | Fixed and regression tested |
| Supply chain security | wheel sha256 + PGP signature | Verified plugins are strictly validated |

Red Team / Third-Party Penetration Testing

  • Plan: Commission an external security team to conduct a full penetration test before v1.1.0.
  • Current: Internal red team review is complete; no remotely exploitable high-severity vulnerabilities found.

Historical Security Advisories

No disclosed security vulnerabilities as of 2026-06-22.