Security: HardMax71/Integr8sCode

docs/SECURITY.md

Security Policy

Security patches go into main and the latest release. If you're running something older, upgrade.

Reporting vulnerabilities

Found a security issue? Don't open a public GitHub issue - email max.azatian@gmail.com instead.

Include what you can: vulnerability type, where it occurs, reproduction steps, PoC if you have one. You'll get an acknowledgment within 48 hours. If confirmed, we'll patch it and credit you in the disclosure (unless you prefer to stay anonymous).

Automated scanning

The CI pipeline runs Bandit on the Python backend for static analysis, and Dependabot keeps dependencies patched across Python, npm, and Docker. For SBOM generation and vulnerability scanning, see Supply Chain Security.

Frontend hardening

The frontend uses a nonce-based Content Security Policy:

  • script-src 'nonce-...' — blocks injected <script> tags (XSS). Nonce is per-request, generated by nginx.
  • style-src-elem 'nonce-...' — blocks injected <style> tags.
  • style-src-attr 'unsafe-inline' — allows style="" attributes (required by Svelte transitions and CodeMirror).

Nonce injection is handled by nginx's sub_filter directive. See Nginx Configuration for the full mechanism.

Runtime hardening

Executor pods run user code with non-root users, read-only filesystems, dropped capabilities, user namespace isolation (host_users: false), and no service account tokens. An optional sandboxed runtime (e.g., gVisor) can be configured via K8S_POD_RUNTIME_CLASS_NAME.
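
The controls listed above can be checked against a pod manifest before it is submitted. The following is an added example, not code from the Integr8sCode repository: the manifests are constructed, the field names are those of the Kubernetes Pod API (hostUsers is the manifest spelling of host_users), and "dropped capabilities" is assumed to mean drop: ["ALL"].

```python
# Added example (not project code): audit a pod manifest for the executor
# hardening controls listed above. Field names are the Kubernetes Pod API's;
# "dropped capabilities" is assumed to mean drop: ["ALL"].

def audit_executor_pod(pod: dict) -> list[str]:
    """Return findings; an empty list means every listed control is present."""
    spec = pod.get("spec") or {}
    findings = []
    if spec.get("automountServiceAccountToken") is not False:
        findings.append("pod: service account token is mounted")
    if spec.get("hostUsers") is not False:
        findings.append("pod: shares the host user namespace")
    pod_sc = spec.get("securityContext") or {}
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        # Container-level values override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid == 0 or (uid is None and non_root is not True):
            findings.append(f"{name}: may run as root")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: root filesystem is writable")
        caps = sc.get("capabilities") or {}
        if "ALL" not in [d.upper() for d in caps.get("drop") or []]:
            findings.append(f"{name}: capabilities not dropped")
    return findings

# Constructed sample manifests (hypothetical names and image).
HARDENED = {"spec": {
    "automountServiceAccountToken": False,
    "hostUsers": False,
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "containers": [{
        "name": "executor", "image": "example/runner:1.0.0",
        "securityContext": {"readOnlyRootFilesystem": True,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}}
# Same pod with no security settings: Kubernetes defaults apply.
DEFAULTS = {"spec": {"containers": [{"name": "executor",
                                     "image": "example/runner:1.0.0"}]}}

if __name__ == "__main__":
    for label, pod in (("hardened", HARDENED), ("defaults", DEFAULTS)):
        print(label, audit_executor_pod(pod) or "OK")
```

A pod that sets none of these fields fails every check, because Kubernetes defaults mount the service account token, share the host user namespace, and leave the root filesystem writable.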

At the namespace level, the k8s_worker automatically applies:

  • NetworkPolicy — default-deny ingress + egress for executor pods (blocks lateral movement and exfiltration)
  • ResourceQuota — caps aggregate pod, CPU, and memory consumption
  • Pod Security Admission — restricted profile enforced via namespace labels

Details in Pod & Namespace Security.

Authentication

Password hashing uses pwdlib with BcryptHasher (configurable rounds). Authentication is cookie-based JWT with CSRF protection via the double-submit pattern. See Authentication.

Infrastructure

  • Redis is password-protected (--requirepass)
  • MongoDB uses authentication (authSource=admin)
  • All database ports bound to 127.0.0.1 (not exposed to host network)
  • Docker image versions are pinned to specific patches
  • TLS everywhere (self-signed for development, generated by cert-generator container)

Secrets stay out of the repo — .env files and credentials are your responsibility to manage in deployment.

There aren’t any published security advisories