Security: ConsumerDataRight/mock-data-holder

SECURITY.md

Security Policy

If you have discovered a potential security vulnerability within the Consumer Data Right GitHub Organisation or Consumer Data Right Sandbox operated by the ACCC, we encourage you to disclose it to us as quickly as possible and in a responsible manner in accordance with our Responsible disclosure of security vulnerabilities policy.

Visit our Responsible disclosure of security vulnerabilities policy for:

  • A full view of our Responsible disclosure of security vulnerabilities policy
  • Your responsibilities if you find a vulnerability
  • Steps required for reporting a vulnerability

Supported Versions

Version Supported
3.1.x
2.x.x
1.x.x

Reporting a Vulnerability

Visit our Responsible disclosure of security vulnerabilities policy for steps required for reporting a vulnerability.

What controls are in place

SonarCloud

Code repositories in the Consumer Data Right GitHub Organisation utilise SonarCloud. Whenever a code change is made to this repository, GitHub Actions are used to scan the code using SonarCloud. The SonarCloud results are then assessed. High-impact issues that are not false positives will be remediated.

GitHub Security Features

Code repositories in the Consumer Data Right GitHub Organisation utilise GitHub security features.

Keeping up to date

Code repositories in the Consumer Data Right GitHub Organisation are routinely updated with new features and dependency updates.

There aren’t any published security advisories