The following versions of this project are currently supported with security updates:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |

We take security vulnerabilities seriously. If you discover a security vulnerability, please report it to us as follows:

- Email: Send details to [email protected]
- GitHub: Use GitHub Security Advisories for this repository
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Response Time: We aim to respond within 48 hours
- Updates: We'll provide regular updates on our progress
- Timeline: Most vulnerabilities are fixed within 90 days
- Credit: We'll acknowledge your contribution (unless you prefer anonymity)
- Never commit API keys to version control
- Use environment variables for configuration
- Rotate keys regularly through the Abusix portal
- Use separate keys for development and production
- Validate inputs when using the MCP server
- Monitor API usage through the Abusix portal
- Keep dependencies updated regularly
- Use HTTPS for all API communications

```bash
# Good - using environment variables
export ABUSIX_API_KEY="your-api-key"
npx @abusix/guardian-intel-mcp-server
# Bad - hardcoding in scripts
# npx @abusix/guardian-intel-mcp-server --api-key "hardcoded-key"
```

When configuring with Claude Desktop, ensure your API key is properly secured:

```json
{
  "mcpServers": {
    "guardian-intel": {
      "command": "npx",
      "args": ["@abusix/guardian-intel-mcp-server"],
      "env": {
        "ABUSIX_API_KEY": "your-api-key-here"
      }
    }
  }
}
```

This project uses automated security scanning:

- npm audit: Checks for known vulnerabilities
- Dependabot: Automated dependency updates
- Snyk: Additional security scanning (when configured)
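
An added example, not part of this project: a POSIX shell check for the "never commit API keys" practice above, flagging literal `--api-key` arguments and literal `ABUSIX_API_KEY` values in shell or JSON files. The function names `scan_file` and `scan_paths` are hypothetical, and the two allowed placeholder strings are the ones used in this page's own snippets.

```shell
#!/bin/sh
# Added example (not project code): flag hardcoded Abusix API keys in files
# before they are committed. Heuristic line scan; the two placeholder strings
# allowed below are the ones this page uses in its own snippets.

# scan_file FILE: print "FILE:LINE: reason" per finding; return 1 if any.
scan_file() {
  awk -v file="$1" -v q="'" '
    # First token of s with surrounding quotes removed.
    function token(s) {
      sub("^[\"" q "]", "", s)            # drop an opening quote
      sub("[\"" q " \t,;].*$", "", s)     # cut at closing quote or separator
      return s
    }
    function check(value, why) {
      # Empty values, $VAR references and doc placeholders are not secrets.
      if (value == "" || value ~ /^\$/) return
      if (value == "your-api-key" || value == "your-api-key-here") return
      printf "%s:%d: %s\n", file, NR, why
      bad = 1
    }
    {
      # Literal CLI argument: --api-key "value"
      if (match($0, /--api-key[ \t=]+/))
        check(token(substr($0, RSTART + RLENGTH)), "literal --api-key value")
      # Shell or JSON assignment: ABUSIX_API_KEY=value, "ABUSIX_API_KEY": "value"
      if (match($0, /ABUSIX_API_KEY"?[ \t]*[:=][ \t]*/))
        check(token(substr($0, RSTART + RLENGTH)), "literal ABUSIX_API_KEY value")
    }
    END { exit bad + 0 }
  ' "$1"
}

# scan_paths FILE...: scan every file; return 1 if any file has a finding.
scan_paths() {
  rc=0
  for f in "$@"; do
    scan_file "$f" || rc=1
  done
  return "$rc"
}

# Stand-alone use: sh scan-keys.sh file1 file2 ...
if [ "$#" -gt 0 ]; then
  scan_paths "$@"
fi
```

From a pre-commit hook, pass it the staged file names, for example those listed by `git diff --cached --name-only`.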

This project is licensed under MIT. See LICENSE for details.

Security updates will be published as GitHub releases and NPM package updates. Subscribe to repository notifications to stay informed.