You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: SECURITY.md
-1Lines changed: 0 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,6 +13,5 @@ Keystone has not endured publicly-disclosable penetration testing or been profes
13
13
When deploying, we currently recommend not placing Keystone at the hard edge of your infrastructure - instead opting for appropriate defence-in-depth measures such as web application firewalls, reverse proxies and or caching and load balancing infrastructure.
14
14
15
15
The Keystone team holds security and security-related issues in high regard; and we issue GitHub security advisories (following a CVE process) for security vulnerabilities that are reported to us or discovered by our team.
16
-
Without enduring a publicly-disclosable penetration test, we do not currently recommend using KeystoneJS in hostile environments or for securing highly sensitive data (such as financial or medical information).
17
16
18
17
Keystone is an open source project, and thereby uses open source security tooling including GitHub security advisories, [dependabot](https://github.com/dependabot) and [renovate](https://github.com/renovatebot/renovate) to monitor and update our dependencies.
0 commit comments