Security: Saksham-Goel1107/Code-Craft

SECURITY.md

Security Policy

Supported Versions

The following versions of Code Craft are currently receiving security updates:

Version   Supported   End of Support
1.5.x                 Current
1.4.x                 August 2025
1.3.x                 June 2025
1.2.x                 April 2025
1.1.x                 January 2025
1.0.x                 December 2024

We recommend all users upgrade to the latest version to benefit from security improvements and new features.

Reporting a Vulnerability

We take the security of Code Craft seriously. If you believe you've found a security vulnerability, please follow these steps:

  1. Do not disclose the vulnerability publicly until it has been addressed by our team.
  2. Email security details to: [email protected]
  3. Include the following information:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if available)

What to Expect

  • Initial Response: We aim to acknowledge receipt within 24 hours.
  • Status Updates: You'll receive updates on the progress of your report within 5 business days.
  • Resolution Timeline: We prioritize security issues and aim to resolve critical vulnerabilities within 14 days.

Security Features

Code Craft includes several security features to protect your code and data:

Secure Code Execution

  • Isolated sandboxed environments
  • Memory usage limits
  • Execution time restrictions
  • Prevention of malicious code execution

Data Protection

  • End-to-end encryption for shared code
  • Secure storage of user data
  • Regular security audits
  • GDPR compliance

Authentication

  • Secure authentication via Clerk
  • Two-factor authentication support
  • Session management and token expiration
  • OAuth integration with major providers

Secure Development Practices

Our development team follows security best practices:

  • Regular dependency updates and vulnerability scanning
  • Static code analysis during CI/CD
  • Peer code reviews for all changes
  • Regular penetration testing
  • OWASP Top 10 awareness and mitigation

Legal

Responsible Disclosure

We request that security researchers:

  • Make every effort to avoid privacy violations, degradation of service, and destruction of data
  • Only interact with accounts you personally own or have permission to access
  • Provide us reasonable time to resolve issues before public disclosure

Safe Harbor

We will not take legal action against security researchers who:

  • Follow our responsible disclosure policy
  • Act in good faith
  • Do not damage our systems or steal data

Last updated: May 17, 2025

There aren’t any published security advisories