Security: keygen-sh/keygen-api

Thanks for helping make Keygen safe for everyone.

Security

We take the security of Keygen seriously. We perform annual penetration tests of Keygen's code base and infrastructure. In addition, we perform regular code audits.

Our most recent pen-test was performed in May 2023 by Greg Molnar, an OSCP-certified security researcher in the Ruby and Rails community.

Reporting Security Issues

If you believe you have found a security vulnerability in this repository, please report it to us through coordinated disclosure.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, please send an email to: security[@]keygen.sh.

Please include as much of the information listed below as you can to help us better understand and resolve the issue:

  • The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report, ensuring that your findings get passed along to the appropriate maintainers for remediation.

We can only accept vulnerability reports at the above email address.

Encrypting Messages

You may encrypt your message to us using our PGP key, available at the following URL:

The key fingerprint is:

E2A3 C809 9721 7FB6 A578 D08A E3C6 4A7B FE47 7AAA
