Skip to content

Security: abhisek2004/Dev-Elevate

Security

SECURITY.md

πŸ” Security Policy

Thank you for helping us keep DevElevate secure for all users! Security is a top priority in our project, which is designed to support developers, learners, and contributors across the globe.

πŸ“£ About DevElevate

DevElevate is a full-stack open-source platform built with:

  • 🌐 Frontend: React, TypeScript, Shadcn UI, Tailwind CSS
  • πŸ” Backend: Node.js, Express, JWT Auth, MongoDB Atlas
  • πŸ€– Features: AI Chatbot (OpenAI/Gemini), Resume Analyzer, Learning Tracker, Admin Dashboards, Stripe Payments (upcoming)

🐞 Reporting a Vulnerability

If you find a security issue in DevElevate, we kindly ask that you follow responsible disclosure practices:

🚨 Do NOT:

  • Do not open a GitHub issue describing the vulnerability publicly.

βœ… Instead:

  • Email us directly and privately at: πŸ“§ officialdevelevate@gmail.com

  • Please include:

    • Clear description of the vulnerability
    • Steps to reproduce
    • Any proof-of-concept (PoC) code or screenshots
    • Recommendations (optional)

We aim to respond within 6–12 hours, and patch critical issues ASAP (usually within 24 hours).

πŸ›‘οΈ Supported Versions

Branch / Version Status Notes
main βœ… Supported Actively maintained & deployed
Other branches ❌ Not Supported Dev/test branches only, no guarantees

If you're using a forked or older version, we strongly recommend syncing with the main branch regularly to receive security patches.

πŸ”’ Data Protection Practices

  • Authentication: All user/admin login routes are secured using JWT + Bcrypt hashing
  • Authorization: Middleware protections (e.g., authorize("admin")) are in place for sensitive routes
  • Input Validation: APIs are protected using Zod-based schema validation
  • Rate Limiting (upcoming): To prevent brute-force or abuse attacks
  • Environment Secrets: All credentials and API keys are stored securely via .env and Vercel Secrets
  • Emails & Passwords: Stored securely using MongoDB Atlas, not exposed in logs

πŸ§ͺ Reporting Flow

  1. Vulnerability reported privately
  2. Internal validation & patch implementation
  3. Security hotfix release deployed to main and production (Vercel)
  4. Optional public advisory, if required

🀝 Thanks for Your Contribution

We value and appreciate all contributors who help us make DevElevate better and more secure. πŸ›‘οΈ

Let’s build safer, smarter, and more inclusive softwareβ€”together.

Project Maintainer: πŸ‘€ Abhisek Panda πŸ“§ abhisek2004panda@gmail.com πŸ”— https://github.com/abhisek2004/Dev-Elevate

Would you like this saved as a SECURITY.md file for direct upload to GitHub?

There aren’t any published security advisories