Skip to content

Security: zaccesss/git-unlocked

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

git-unlocked is an educational course repository. It does not contain application code, APIs, or user data. However, security matters in two specific ways:

  1. Malicious content - if you find a file that contains harmful, misleading or dangerous instructions that could put a learner at risk
  2. Credential or sensitive data exposure - if you find any accidentally committed secrets, tokens or private information in the repository history or files

How to Report

Do not open a public GitHub issue for security concerns.

Report security issues privately by contacting the maintainer directly:

Isaac Adjei (Zaccess) - via isaacadjei.me

Please include:

  • A clear description of the issue
  • The file or location where you found it
  • Any relevant context that would help reproduce or understand the problem

What to Expect

  • You will receive acknowledgement of your report within 72 hours
  • The maintainer will investigate and respond with a timeline for resolution
  • Once resolved, you will be credited in the fix commit unless you prefer to remain anonymous

Scope

In scope Out of scope
Harmful or dangerous instructions in course content Typos or factual corrections (use a normal issue)
Accidentally committed credentials or secrets Style or formatting preferences (use a normal issue)
Links to malicious external resources Feature requests (use a normal issue)
Misleading security advice that could harm learners

Security Content in the Course

Security is woven throughout this course rather than siloed in one place. Key security topics covered include credential management, SSH key setup, .gitignore for sensitive files, secret scanning, removing sensitive data from Git history, two-factor authentication and safe authentication practices.

If you believe any of this security guidance is incorrect or outdated, please open an issue or pull request - keeping this content accurate protects every learner who reads it.


Made with care by Isaac Adjei

Access Granted. Success Unlocked.

There aren't any published security advisories