Kessler is not a standalone compiled application and is therefore susceptible to the security threats that come with executing source code from an unknown origin. As always, the best practice applies: do not execute code unless it comes from a trusted source. The code in this repository will be maintained to be free of any such security vulnerabilities.
If a potential security issue is found, please immediately contact this repository's administrators with a detailed explanation of the issue and potential consequences. The current administrator can be reached at [email protected]
- Block sensitive data from being pushed to GitHub by running git-secrets or a similar tool as a git pre-commit hook
- Audit for secrets that slipped through with dedicated tools
- Use environment variables for secrets in CI/CD (e.g. GitHub Secrets) and secret managers in production
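
The sketch below is an added example, not code from this repository or from git-secrets: it shows what a pre-commit check of the kind named in the first item does, and why the environment lookup recommended in the last item passes it. The patterns, the file name `settings.py` and the variable name `KESSLER_TOKEN` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a minimal stand-in for git-secrets, not the tool itself.
# The patterns are illustrative assumptions; extend them for your own credentials.
Q="[\"']"; NQ="[^\"']"
SECRET_PATTERN="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----"
SECRET_PATTERN="$SECRET_PATTERN|(password|secret|api_key|token)[[:space:]]*[=:][[:space:]]*${Q}${NQ}{8,}${Q}"

# Read a unified diff on stdin. Print "file:line" for every added line that
# matches SECRET_PATTERN (never the value itself) and return 1 if any matched.
scan_added_lines() {
    file="" lineno=0 found=0
    while IFS= read -r line; do
        case "$line" in
            '+++ '*) file=${line#"+++ "}; file=${file#b/} ;;
            '@@ '*)  lineno=${line#*+}; lineno=${lineno%%[, ]*} ;;
            '+'*)
                if printf '%s\n' "${line#?}" | grep -Eq -e "$SECRET_PATTERN"; then
                    printf 'possible secret at %s:%s\n' "$file" "$lineno"
                    found=1
                fi
                lineno=$((lineno + 1)) ;;
            ' '*) lineno=$((lineno + 1)) ;;
        esac
    done
    return "$found"
}

# Constructed sample diff: one hard-coded key (AWS's documented example ID)
# and one environment lookup (KESSLER_TOKEN is a hypothetical variable name).
SAMPLE_DIFF='--- a/settings.py
+++ b/settings.py
@@ -1,2 +1,4 @@
 import os
+aws_key_id = "AKIAIOSFODNN7EXAMPLE"
+token = os.environ["KESSLER_TOKEN"]
 debug = False'

# Flags settings.py:2 only; the environment lookup on line 3 passes.
printf '%s\n' "$SAMPLE_DIFF" | scan_added_lines || echo "commit would be blocked"

# As .git/hooks/pre-commit, replace the demo line above with:
#   git diff --cached -U0 | scan_added_lines || exit 1
```

A hook like this only sees what is staged on the machine where it is installed, so the audit step in the second item is still needed for history and for contributors without the hook.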