Skip to content

Security: chefgs/aws_boto3_scripts

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
latest (main branch)

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you discover a security vulnerability in this project, please report it privately by:

  1. Emailing the maintainer directly (see the GitHub profile for contact details).
  2. Or opening a GitHub Security Advisory.

Please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Any suggested mitigation

You can expect an acknowledgement within 48 hours and a resolution or status update within 7 days.

Security Best Practices When Using This Project

  • Never hardcode AWS credentials in scripts or commit them to source control.
  • Use AWS IAM roles with least-privilege permissions.
  • Use named profiles (aws configure --profile) or environment variables for credentials.
  • Use --dry-run before running destructive operations in production.
  • Rotate AWS access keys regularly.
  • Store secrets in AWS Secrets Manager or SSM Parameter Store, not in .env files committed to git.

There aren't any published security advisories