SECURITY.md
# Security Policy
## Security Measures
We are very concerned about security. Therefore we have taken some precautions:
- We use [Snyk](https://app.snyk.io/org/adrolli/project/dd7d7d2c-7a0c-4741-ab01-e3d11ea18fa0), a platform that regularly checks our security
- We have enabled all [security features on Github](https://github.com/mooxphp/moox/security)
- We use [Dependabot Security](https://github.com/mooxphp/moox/security/dependabot) to be immediately aware of security issues in our dependencies and prevent security vulnerabilities throughout the dependency chain
- We use [Renovate](https://renovatebot.com/) to automatically check all dependencies and create automatic pull requests for updates
- We use [PHPStan / Larastan](https://github.com/mooxphp/moox/actions/workflows/phpstan.yml), the best static analyzer for PHP and Laravel to catch every bug in our codebase
- We have branch protection enabled and run all check before merging to `main`
- We always stay on the current stable versions and choose our dependencies with great care
## Supported Versions
We currently support the current version, means the `main`-Branch and the current packages on packagist.
| Version | Supported |
| -------- | ------------------ |
| dev-main | :white_check_mark: |
## Reporting a Vulnerability
If you spot a potential vulnerability, please go to https://github.com/mooxphp/moox/security/advisories and click on the `Report a vulnerability`-Button or send an email to security@moox.org.
Please do not create a GitHub issue for security vulnerabilities. This could allow potential attackers to exploit the vulnerability and cause damage before we've had a chance to patch it.