| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |
We take security seriously. If you discover a security vulnerability, please report it responsibly.
Please do NOT open a public GitHub issue for security vulnerabilities.
-
Email us at support@clouddrove.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
-
You will receive an acknowledgment within 48 hours
-
We will investigate and provide a timeline for a fix
| Severity | Acknowledgment | Fix Target |
|---|---|---|
| Critical | 24 hours | 7 days |
| High | 48 hours | 14 days |
| Medium | 72 hours | 30 days |
| Low | 1 week | Next release |
This policy applies to:
- Terraform module code
- Example configurations
- CI/CD workflows
- Documentation containing sensitive patterns
- Vulnerabilities in Terraform itself (report to HashiCorp)
- Vulnerabilities in Azure provider (report to HashiCorp)
- Issues in third-party dependencies (report upstream)
When using our modules:
- Always pin module versions in production
- Review
tfsecandcheckovfindings before deploying - Use least-privilege RBAC policies
- Enable encryption at rest and in transit where available
- Regularly update to the latest module version