| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of mars seriously. If you discover a security vulnerability, please follow these steps:

- Do NOT open a public issue.
- Email the maintainer directly at: dylan@mordaunt.dev
- Include the following in your report:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

Response timeline for reports:

- Initial response: within 48 hours
- Vulnerability assessment: within 1 week
- Fix released: within 2 weeks for critical issues

Recommendations for users of mars:

- Always install mars in a virtual environment, so its dependencies stay isolated from the system Python.
- Keep mars updated to the latest version; only the 1.0.x line receives security fixes (see the table above).
- Review dependency licenses before use in production.
- Use the latest Python version that mars supports.

This project currently implements:

- Bandit for static security analysis of the Python source
- Safety for checking pinned dependencies against known vulnerability advisories
- GitHub-hosted workflow automation for CI and release validation
Future hardening work may add SBOM generation, release signing, and provenance once those controls are implemented end-to-end.
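
As an added illustration of how the two checks above can be wired into the CI workflow (this is example configuration, not the project's own workflow file), the job below runs Bandit and Safety on every push and pull request. The source directory `src/`, the `requirements.txt` file and the Python version are assumptions; adjust them to the repository layout.

```yaml
# Added example: a GitHub Actions job running Bandit and Safety in CI.
# Not the project's own workflow; src/, requirements.txt and the Python
# version below are assumptions.
name: security-checks

on:
  push:
  pull_request:

permissions:
  contents: read   # the job only needs to read the checkout

jobs:
  static-and-dependency-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"   # assumption: use the latest version mars supports

      - name: Install scanners
        run: python -m pip install --upgrade pip bandit safety

      # Bandit: report findings of medium-or-higher severity (-ll) and
      # medium-or-higher confidence (-ii); any such finding exits non-zero
      # and fails the job.
      - name: Static analysis (Bandit)
        run: bandit -r src -ll -ii

      # Safety: compare the pinned dependency set against the known
      # vulnerability database; a match exits non-zero and fails the job.
      - name: Dependency vulnerability check (Safety)
        run: safety check -r requirements.txt --full-report
```

Both scanners are run with a non-zero exit on findings so that a vulnerable dependency or a flagged code pattern blocks the merge rather than only appearing in the log. For a stronger supply-chain posture, pin the `actions/*` references to a full commit SHA instead of a moving tag; the SHAs are deliberately not shown here because they change with each action release.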