devir

# Security Policy ## Supported Versions | Version | Supported | | ------- | ------------------ | | 0.1.x | :white_check_mark: | ## Reporting a Vulnerability We take security seriously. If you discover a security vulnerability, please report it responsibly. ### How to Report 1. **Do NOT** open a public GitHub issue for security vulnerabilities 2. Email us at: **hi@productdevbook.com** 3. Include the following information: - Description of the vulnerability - Steps to reproduce - Potential impact - Any suggested fixes (optional) ### What to Expect - **Initial Response**: Within 48 hours - **Status Update**: Within 7 days - **Resolution Timeline**: Depends on severity, typically within 30 days ### After Reporting 1. We will acknowledge receipt of your report 2. We will investigate and validate the vulnerability 3. We will work on a fix and coordinate disclosure timing with you 4. We will credit you in the security advisory (unless you prefer to remain anonymous) ## Security Best Practices When using Devir: - Keep your `devir.yaml` configuration file secure - Don't commit sensitive environment variables - Use the latest version for security updates - Review service commands before running in production ## Scope This security policy applies to: - The Devir CLI tool - Official releases on GitHub - The Homebrew formula Third-party integrations and forks are outside this scope.