Secure Development and Release

This article covers secure development and release practices for WikiTraccs.

Scope

WikiTraccs runs on the customer’s migration machine. No vendor‑hosted systems are involved. Data stays local to the customer environment.

No Subprocessors

No vendor cloud hosting or third‑party subprocessors are involved in product operation.

Development Workflow

  • Issues: public issues in a public GitHub repository; private reports tracked in a private repository
  • Branching: main for releases; features and fixes in separate branches

CI Checks

  • Antivirus scan
  • Static code analysis
  • Dependency and license scan
  • Known vulnerability scan
  • Secret scan

Release Integrity

  • Release artifacts are signed in CI
  • A checksum file lists per‑file hashes in the package
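
One way a recipient of a release package can act on the checksum file, as an added example that is not WikiTraccs' own code or tooling. The page does not state the checksum file's name, hash algorithm or line format, so this example assumes a sha256sum‑style file named checksums.sha256 with one "<hex digest>  <relative path>" line per file; those are assumptions. It builds a small constructed package in a temporary directory, verifies it, then modifies one file and drops in an unlisted file to show what the check reports in each case.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed name and format of the per-file hash list (not stated on the page).
CHECKSUM_FILE = "checksums.sha256"
HEX_DIGITS = set("0123456789abcdef")


def parse_checksum_file(text: str) -> dict:
    """Parse '<sha256 hex>  <relative path>' lines into {path: digest}.

    Entries that try to escape the package directory are rejected rather
    than silently verified somewhere else on disk.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        digest, rel = parts
        digest = digest.lower()
        if len(digest) != 64 or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        rel = rel.lstrip("*").replace("\\", "/")  # '*' = sha256sum binary marker
        p = Path(rel)
        if p.is_absolute() or ".." in p.parts:
            raise ValueError(f"line {lineno}: path escapes package dir: {rel!r}")
        entries[p.as_posix()] = digest
    return entries


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(package_dir, checksum_name: str = CHECKSUM_FILE) -> dict:
    """Compare every listed file to its digest and flag files the list omits."""
    package_dir = Path(package_dir)
    expected = parse_checksum_file((package_dir / checksum_name).read_text())
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for rel, digest in expected.items():
        target = package_dir / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_of(target) != digest:
            report["mismatch"].append(rel)
        else:
            report["ok"].append(rel)
    listed = set(expected) | {checksum_name}
    for p in sorted(package_dir.rglob("*")):
        if p.is_file():
            rel = p.relative_to(package_dir).as_posix()
            if rel not in listed:
                report["unlisted"].append(rel)
    report["verified"] = not (
        report["mismatch"] or report["missing"] or report["unlisted"]
    )
    return report


def build_demo_package(root: Path) -> Path:
    """Constructed sample package; the contents are placeholders, not a release."""
    pkg = root / "wikitraccs-demo"
    (pkg / "lib").mkdir(parents=True)
    files = {"app.exe": b"demo executable bytes", "lib/helper.dll": b"demo library bytes"}
    for rel, data in files.items():
        (pkg / rel).write_bytes(data)
    lines = [f"{hashlib.sha256(d).hexdigest()}  {rel}" for rel, d in files.items()]
    (pkg / CHECKSUM_FILE).write_text("\n".join(lines) + "\n")
    return pkg


def demo() -> tuple:
    """Return (clean report, report after tampering) for the constructed package."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = build_demo_package(Path(tmp))
        clean = verify_package(pkg)
        (pkg / "lib" / "helper.dll").write_bytes(b"modified bytes")  # simulated change
        (pkg / "extra.dll").write_bytes(b"not in the manifest")      # unlisted file
        tampered = verify_package(pkg)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean:", clean)
    print("tampered:", tampered)
```

Unlisted files are reported deliberately: a per‑file hash list only protects what it names, so a file added next to the listed ones would otherwise pass unnoticed. The list itself proves only internal consistency; trust in it comes from the signature on the release artifacts, which is why the two bullets above belong together and a recipient should check both.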

Testing

  • Extensive unit test coverage
  • Manual testing of releases

Versioning and Support

  • Semantic Versioning (MAJOR.MINOR.PATCH)
  • Changelog documents all user-visible changes
  • Support policy: current GA and prerelease versions receive fixes; older versions are EOL

Vulnerability Disclosure and Response

  • Email reports to [email protected]
  • Acknowledge within one business day. Start on high‑impact issues immediately. Target fix in two weeks, subject to complexity.
  • Safe‑harbor for good‑faith research
  • security.txt

Supply Chain Hygiene

  • Dependencies are pinned via lock files
  • Builds are reproducible

Last modified November 1, 2025