Skip to content

Security: pravalika2307/HRlytics-AI

Security

SECURITY.md

Security Policy

We take security seriously and appreciate efforts to report potential vulnerabilities. This document outlines support guidelines and submission procedures.


Supported Versions

Only the latest release is actively supported with security patches:

Version Supported
v1.3.x Active
< v1.2.x End-of-life

Reporting a Vulnerability

Please do not open GitHub issues for security vulnerabilities.

Instead, report them privately using the following process:

  1. Email a detailed vulnerability report to support@hrlytics.ai.
  2. Include the following details to help us investigate:
    • Description of the vulnerability type.
    • Steps to reproduce the issue.
    • Code snippets or proof-of-concept indicators.
    • Potential mitigation recommendations.

Response Time

We will acknowledge receipt within 48 hours and coordinate a public release timeline for the security patch once fixed.


Best Practices for Local Development

  • Gemini API Keys: Never commit your GEMINI_API_KEY to the repository. Always specify the key in your local, git-ignored backend/.env file.
  • Database Credentials: Keep your SQLite database file (hrlytics.db) git-ignored to prevent check-ins of actual user attributes or corporate meeting logs.

There aren't any published security advisories