CloudOpsAI follows semantic versioning (MAJOR.MINOR.PATCH) and maintains security updates for the following versions:

| Version | Supported | End of Life |
|---|---|---|
| 1.0.x | ✅ | TBD |
| 0.2.x | ✅ | December 2026 |
| 0.1.x | ❌ | June 2025 |
| < 0.1 | ❌ | N/A |

CloudOpsAI implements the following security measures:
- IAM roles with least privilege
- Multi-account support via AWS Organizations
- Data encryption at rest and in transit
- Regular security audits
- Compliance with AWS security best practices
- Automated security scanning via Dependabot
- SonarQube Cloud integration for code quality
We take security vulnerabilities seriously. If you believe you've found a security vulnerability in CloudOpsAI, please follow these steps:
- Do not disclose the vulnerability publicly
- Email your findings to [email protected]
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Any suggested fixes
- You will receive an acknowledgment within 48 hours
- We will investigate and provide updates every 7 days
- If the vulnerability is accepted:
  - We will work on a fix
  - You will be notified when the fix is deployed
  - You will be credited in our security advisory
- If the vulnerability is declined:
  - You will receive a detailed explanation
  - You may appeal the decision
We follow responsible disclosure practices:
- We will not take legal action against you for reporting vulnerabilities
- We will work with you to validate and fix the issue
- We will credit you in our security advisory
- We will not share your personal information without your permission
- Critical security updates are released within 24 hours
- High severity updates are released within 7 days
- Medium severity updates are released within 30 days
- Low severity updates are included in regular releases
When using CloudOpsAI, please follow these security best practices:
- Keep your AWS credentials secure
- Regularly rotate access keys
- Use IAM roles with least privilege
- Enable MFA for all AWS accounts
- Monitor CloudTrail logs
- Regularly update to the latest supported version
- Review and audit your configuration files
- Use encryption for sensitive data
For security-related questions or concerns:
- Email: [email protected]
- GitHub Security Advisory: Create a security advisory
- AWS Security Hub: AWS Security Hub