| Version | Supported |
|---|---|
| 2.0.x | ✅ Active support |
| 1.0.x | |
| < 1.0 | ❌ End of life |

Do NOT open a public issue for security vulnerabilities.

- Email: Send details to security@harery.com
- GitHub: Use the private Security Advisories feature

Include in your report:

- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if available)

| Stage | Target |
|---|---|
| Initial Response | 24 hours |
| Triage | 48 hours |
| Fix Development | 7 days (critical), 14 days (high) |
| Patch Release | 24-48 hours after fix |

- We follow Coordinated Vulnerability Disclosure
- Please allow us time to fix before public disclosure
- Credit will be given in release notes (if desired)

OCTALUM-PULSE includes the following security features:
- Input Validation: All inputs are sanitized
- Least Privilege: Minimal sudo requirements
- Audit Logging: JSON output for compliance
- No External Calls: Zero network dependencies by default
- Dry-Run Mode: Safe testing without changes

We use automated security scanning:
- Gosec: Go security scanner
- Trivy: Container vulnerability scanner
- Dependabot: Dependency updates
- CodeQL: GitHub code analysis

```bash
curl -sSL pulse.harery.com/install | bash
```

This script:
- Downloads only from GitHub releases
- Verifies binary checksums
- Uses HTTPS only

```yaml
plugins:
  security:
    enabled: true
    standards: [cis]
    cve_scan: true
```

```bash
pulse doctor            # Safe health check
pulse update --dry-run  # Preview changes
pulse security audit    # Security audit
```

PULSE requires root for:
- Package installation/removal
- System configuration changes
- Service management

Run with least privilege:

```bash
pulse doctor     # No sudo needed
sudo pulse fix   # Sudo only when required
```

| Role | Contact |
|---|---|
| Security Team | security@harery.com |
| Maintainer | @Harery |

We thank all security researchers who responsibly disclose vulnerabilities.

(No disclosures yet - be the first!)

Last Updated: 2026-03-15