Skip to content

Security: dotdigitize/neuroscope-ai

Security

SECURITY.md

Security

  • No authentication is included for local development.
  • Add authentication, authorization, HTTPS, access controls, audit logging, backup policies, and secret management before public deployment.
  • Do not expose the app publicly without security review.
  • Do not commit real datasets, secrets, or patient data.
  • Keep MAMMAL command execution restricted to trusted configured commands.
  • No raw SQL endpoints are included.
  • Use parameterized SQL for database access.

MAMMAL execution is controlled by MAMMAL_COMMAND from .env. User-submitted scripts are not executed directly.

There aren't any published security advisories