If you discover a security vulnerability in NexusIntel, please do not create a public GitHub issue. Instead:
- Email security concerns to: xdrew87@osintintelligence.xyz (with "[NexusIntel Security]" in subject)
- Describe the vulnerability in detail
- Include steps to reproduce if applicable
- Allow 7 days for initial response
We take security seriously and will work with you to address the issue promptly.
- Never commit .env files with API keys
- Use strong, unique API key credentials
- Validate all user input on the backend
- Use HTTPS in production
- Keep dependencies updated:
pip install -U -r requirements.txt - Run with DEBUG=false in production
- Implement rate limiting
- Use environment variables for all secrets
- Never hardcode secrets or credentials
- Sanitize user input before database queries
- Validate file uploads (type, size, content)
- Use prepared statements to prevent SQL injection
- Implement proper authentication/authorization
- Keep dependencies minimal and up-to-date
- Run security linters:
bandit,safety - Test edge cases and error conditions
| Version | Supported |
|---|---|
| 1.0.x | ✅ Yes |
| < 1.0 | ❌ No |
NexusIntel backend includes:
Content-Security-PolicyX-Content-Type-Options: nosniffX-Frame-Options: DENYX-XSS-Protection
We regularly audit dependencies for vulnerabilities:
# Check for known vulnerabilities pip install safety safety check # Update packages pip install -U -r requirements.txt npm audit fix
- All API endpoints validate input via Pydantic
- File uploads are restricted by type and size
- Paths are sanitized to prevent traversal
- Rate limiting is enforced
- Async workers prevent blocking attacks
For security questions, open a discussion or email security concerns responsibly.