Maintained by FutureOps Technology Ltd
CarbonOps is an open-source sustainability and DevOps automation toolkit.
We take the security of our users and contributors seriously.
This document describes how to report vulnerabilities and what level of support we provide.
Only actively maintained versions receive security updates.
| Version | Supported |
|---|---|
| 0.1.x | ✔ Active support |
| 0.0.x | ✔ Critical fixes only |
| < 0.0.x | ✖ Unsupported |
If you believe you have found a security vulnerability that affects CarbonOps, please follow the steps below:
- Do NOT create a public GitHub issue.
- Send an email to our security team: [email protected]
- Include the following information (if available):
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Affected versions
  - Your environment (OS, Python version, etc.)
- You will receive an acknowledgment within 72 hours.
We request that researchers:
- Respect user privacy
- Avoid impacting production systems
- Give us reasonable time to remediate vulnerabilities before public disclosure
- Do not attempt to access data that does not belong to you
We follow a coordinated disclosure model and will publicly credit researchers who responsibly report security issues, if they choose to be acknowledged.
The following are NOT considered security vulnerabilities:
- Missing best-practice security headers in development builds
- Rate-limiting issues on non-production endpoints
- Vulnerabilities in dependencies not controlled by this repo
- Local environment misconfiguration
- Social engineering against maintainers or contributors
FutureOps Security Team
📧 [email protected]
🌍 https://futureops.co.uk