Security: Arakiss/bunkit

.github/SECURITY.md

Security Policy

Supported Versions

We actively support the following versions of bunkit with security updates:

Version Supported
0.7.x
< 0.7.0

Reporting a Vulnerability

If you discover a security vulnerability, please do not open a public issue. Instead, please report it via one of the following methods:

  1. Email: [Your email address] (preferred)
  2. GitHub Security Advisory: Use the "Report a vulnerability" button on the Security tab of this repository

What to Include

When reporting a vulnerability, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • Suggested fix (if you have one)

Response Time

We aim to:

  • Acknowledge receipt of your report within 48 hours
  • Provide an initial assessment within 7 days
  • Keep you informed of our progress

Disclosure Policy

  • We will work with you to understand and resolve the issue quickly
  • We will credit you for the discovery (unless you prefer to remain anonymous)
  • We will not disclose the vulnerability publicly until a fix is available

Security Best Practices

When using bunkit:

  1. Keep dependencies updated: Regularly update your project dependencies

    bun run check-deps
    bun run update-deps

  2. Review generated code: Always review the code generated by bunkit before deploying to production

  3. Use environment variables: Never commit secrets or API keys to your repository

  4. Enable security features: Use the built-in security features of your chosen stack (e.g., Supabase RLS, Next.js security headers)

Known Security Considerations

  • bunkit generates project scaffolding code - always review and customize for your security needs
  • Database configurations are provided as templates - ensure proper authentication and access controls
  • CI/CD workflows may need customization based on your security requirements

Thank you for helping keep bunkit and its users safe! 🔒

There aren’t any published security advisories