This template is actively maintained and we recommend always using the latest version.
| Version | Supported |
|---|---|
| 6.1.x | ✅ |
| 6.0.x | ✅ |
| < 6.0 | ✅ |
If you discover a security vulnerability in this Salesforce template, please report it responsibly.
DO NOT create a public GitHub issue for security vulnerabilities.
Instead, please report security issues via email to:
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if you have one)
- Your contact information
- We will acknowledge receipt of your vulnerability report within 3 business days
- We will provide a more detailed response within 7 business days
- We will work with you to understand and address the issue
- We will notify you when the vulnerability has been fixed
We appreciate responsible disclosure and will:
- Keep you informed about our progress
- Credit you in the fix (if you wish)
- Work to address the issue as quickly as possible
When using this template:
- Never commit credentials - Use `.gitignore` for sensitive files
- Use scratch org URLs - Rotate Dev Hub auth URLs regularly
- Review permissions - Implement proper sharing and FLS checks
- Validate input - Prevent SOQL injection and XSS
- Use secrets management - Store GitHub secrets securely
- Run security checks: `npm run lint`
- Review dependencies: `npm audit`
- Keep dependencies updated: `npm update`
- Use pre-commit hooks (Husky)
- Protect GitHub secrets - Limit access to `SFDX_AUTH_URL_DEVHUB`
- Branch protection - Enable branch protection on `main`
- Review workflows - Audit GitHub Actions regularly
- Limit permissions - Use minimal required permissions
For security concerns, contact:
Beyond The Cloud Sp. z o.o.
- Email: [email protected]
- Website: beyondthecloud.dev
Thank you for helping keep this template and its users safe! 🔒