Skip to content

Security: AlphaBitCore/nexus-loadtest

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Please do not open a public issue for security vulnerabilities.

Report privately via GitHub's Security Advisories (Security → Report a vulnerability). We aim to acknowledge within 3 business days and to provide a remediation timeline after triage.

Scope

loadtest is a client-side load generator. The most relevant concerns:

  • Credential handling. The tool sends whatever Authorization / headers you configure. Never commit real keys; pass them via -vk or environment variables. Shipped profiles use a REPLACE_WITH_VK placeholder on purpose.
  • Output files. results-*.jsonl and report-* may contain prompt/response excerpts and error bodies (capture_error_body). Treat the runs/ directory as potentially sensitive and exclude it from version control (it is git-ignored).
  • Dependencies. We track advisories on Go module dependencies and keep them current.

Supported versions

The latest tagged release receives security fixes.

There aren't any published security advisories