If you discover a security vulnerability in fhir-codebridge, please report it responsibly:
- Do NOT open a public GitHub issue.
- Email the maintainer directly via GitHub's security advisory feature:
  - Go to https://github.com/CiphemonJY/fhir-codebridge/security/advisories/new
  - Or use "Report a vulnerability" under the Security tab
- Include: description of the issue, steps to reproduce, potential impact, and any suggested fixes.
- Response time: within 72 hours.

fhir-codebridge is designed for healthcare environments where data privacy is critical:
- On-premises deployment: No PHI leaves your network. No cloud dependencies.
- API key authentication: Role-based access (admin / read-only). Constant-time key comparison.
- Audit logging: Every request is logged (JSON Lines format), implementing audit logging per HIPAA §164.312(b).
- Rate limiting: In-memory token bucket (100 req/60s default, configurable).
- Docker secrets: API keys stored as files, not plaintext environment variables.
- Non-root container: Docker image runs as unprivileged user.
- UMLS guardrail: Rate-limited (5 req/s) + cached (1h TTL). Patient context stripped before external API calls.
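As an added illustration of the three request-path controls listed above (constant-time key comparison, the 100 req/60s in-memory token bucket, and JSON Lines audit records), here is a self-contained sketch; it is example code, not fhir-codebridge's own implementation, and the key values, role names and function names are constructed for the example:

```python
import hmac
import json
import time

# Constructed sample keys for this example; a deployment reads them from
# Docker secret files, never from source or plaintext environment variables.
API_KEYS = {"admin-key-EXAMPLE": "admin", "reader-key-EXAMPLE": "read-only"}


def authenticate(presented_key):
    """Resolve a key to its role. hmac.compare_digest runs in constant time
    for equal-length inputs, so a mismatch does not leak how many leading
    bytes matched; every entry is checked so the loop length is fixed too."""
    role = None
    for key, key_role in API_KEYS.items():
        if hmac.compare_digest(presented_key.encode(), key.encode()):
            role = key_role
    return role


class TokenBucket:
    """In-memory token bucket: `capacity` requests per `period` seconds."""

    def __init__(self, capacity=100, period=60.0, now=None):
        self.capacity = capacity
        self.rate = capacity / period          # tokens refilled per second
        self.tokens = float(capacity)
        self.last = time.monotonic() if now is None else now

    def allow(self, now=None):
        now = time.monotonic() if now is None else now
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def handle_request(bucket, presented_key, path, now):
    """Rate-limit first (so unauthenticated traffic cannot flood the key
    check), then authenticate. Returns (HTTP status, JSON Lines audit record);
    the record carries the resolved role, never the presented key."""
    if not bucket.allow(now):
        status, role = 429, None
    else:
        role = authenticate(presented_key)
        status = 200 if role else 401
    record = {"ts": now, "path": path, "role": role, "status": status}
    return status, json.dumps(record, separators=(",", ":"))
```

Passing an explicit `now` makes the refill behaviour deterministic for tests; in a server the default monotonic clock is used.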

| Setting | Default | Recommendation |
|---|---|---|
| Auth | Enabled (required) | Keep enabled in production |
| CORS | Same-origin only | Set CODEBRIDGE_CORS_ORIGINS for cross-origin |
| Rate limit | 100 req/60s | Lower for public-facing deployments |
| Docker | Non-root user | Keep — do not override |
| Audit log | data/audit.log | Mount to persistent volume in production |

In scope: fhir-codebridge server code, client SDK, Docker configuration, CI/CD workflows.
Out of scope: UMLS/NLM API security (governed by NLM terms), your institution's network security, Docker host hardening.

- Vulnerabilities are disclosed after a fix is available and deployed.
- We coordinate with reporters on disclosure timing.
- Credit is given to reporters (unless they prefer to remain anonymous).