Security at appsgm

We take the security of your code and data seriously. Learn about our security practices and how to report vulnerabilities.

Security Features

Learn about built-in security measures protecting your projects.

Report Vulnerabilities

Responsible disclosure program for security researchers.

Our Security Practices

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256.

Authentication

Multi-factor authentication (MFA) support and secure password hashing with bcrypt.

Access Control

Granular permissions for repositories, teams, and organizations.

Audit Logs

Comprehensive logging of all security-relevant events and activities.

Infrastructure

Regular security patching, intrusion detection, and DDoS protection.

Compliance

Regular security audits and compliance with industry standards.

Security Tips for Users

Security Best Practices

  • Enable two-factor authentication (2FA) on your account
  • Use strong, unique passwords for appsgm
  • Regularly review third-party application access
  • Keep your email account secure (it is used for password recovery)
  • Be cautious with repository access permissions
  • Regularly update dependencies and review security advisories

Repository Security

  • Use .gitignore to prevent accidental commits of sensitive data
  • Regularly rotate API keys and secrets
  • Use private repositories for sensitive code
  • Review code changes before merging
  • Enable branch protection rules

Reporting Security Issues

Responsible Disclosure

If you discover a security vulnerability in appsgm, please report it responsibly:

  • DO NOT publicly disclose the vulnerability
  • DO report it to us immediately
  • DO provide detailed information for reproduction
  • DO allow reasonable time for us to fix the issue

How to Report

Send security reports to: [email protected]

Include in Your Report:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)
  • Your contact information

Bug Bounty Program

We offer rewards for qualifying security vulnerabilities. Rewards are determined based on severity and impact.

Response Time

We acknowledge security reports within 24 hours and provide regular updates on our progress.