Potential Security Improvements #1481

996627519 opened this issue Apr 1, 2025 · 1 comment

Comments


996627519 commented Apr 1, 2025

Hello python-docx Maintainers,

I sincerely appreciate your hard work on this project.

In today's digital landscape, the security of open-source software (OSS) has become a pressing concern. The Open Source Security Foundation (OpenSSF), a sub-foundation of the Linux Foundation, has been dedicated to enhancing OSS security for many years.

One of the valuable tools developed by OpenSSF is Scorecard. It provides a set of security checkpoints for OSS projects. After analyzing our project with Scorecard, it has identified several areas where we can improve security:

1. Branch Protection
Enabling branch protection rules and mandatory code reviews can significantly reduce the risk of introducing vulnerabilities. Important branches should be protected because they should not be deleted or force-pushed by mistake.
You can check it in the Settings - Branches page. You can click "Add branch ruleset" or "Add classic branch protection rule" to protect one or more branches.

2. Static Application Security Testing (SAST)
Implementing SAST tools is crucial as it allows us to detect vulnerabilities at an early stage of the development cycle.
You can check it in the Settings - Code Security page. You can enable the Code scanning options.

3. Dependency Update Tool
Using a dependency update tool ensures that our project always utilizes the latest and most secure library versions. You can enable dependabot in the repository settings.
You can check it in the Settings - Code Security page. You can enable the Dependabot options.

4. Security Policy
It is highly recommended to define a comprehensive security policy (SECURITY.md) in the root directory. This policy should include guidelines for vulnerability reporting and vulnerability publication.
You can do it in the Security page, which will give you a template file; just put some key information (such as an email address or a vulnerability submission link) in the SECURITY.md and commit it.

5. Packaging
Build and release official packages using the CI/CD pipeline.

6. Code Review
Perform manual review before code merging.

For detailed information on these checks, you can refer to the OpenSSF Scorecard documentation.

I believe that addressing these security improvements will strengthen our project's security posture. What are your thoughts on implementing these changes?

996627519 changed the title from "Potential Security Enhancements for python-docx" to "Potential Security Improvements" on Apr 23, 2025

996627519 (Author) commented:

@scanny
