Skip to content

Security: kartikmanimuthu/langgraph-agent-patterns

Security

SECURITY.md

Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
1.x.x
< 1.0

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please follow these guidelines:

Do not open public issues for security vulnerabilities.

Instead, please report it privately:

  1. Email us at [INSERT SECURITY EMAIL]
  2. Include a description of the vulnerability
  3. Provide steps to reproduce the issue
  4. Describe the potential impact
  5. Suggest a fix (if known)

We aim to acknowledge reports within 48 hours and will prioritize fixing critical vulnerabilities.

Security Best Practices for Users

AWS Credentials

  • Never commit AWS credentials to version control.
  • Use IAM roles and policies with least privilege.
  • Rotate access keys regularly.
  • Use AWS Secrets Manager for production environments.

API Keys

  • Store API keys (e.g., Tavily, LangChain) in .env files.
  • Ensure .env is added to .gitignore.
  • Use environment-specific keys where possible.

Dependencies

  • Keep dependencies updated to their latest secure versions.
  • We periodically audit dependencies for known vulnerabilities.
  • Users are encouraged to run pip-audit or similar tools.

Incident Response

In the event of a security incident:

  1. We will investigate the scope and impact.
  2. We will release a patch as soon as possible.
  3. We will disclose the vulnerability and fix to the community after a responsible disclosure period.

There aren't any published security advisories