| Version | Status | Supported Until |
|---|---|---|
| 1.0.x | Current | TBD |

If you discover a security vulnerability in Centipede, please do not open a public GitHub issue.
Instead, please email security@centipede.dev with:

- Description — What is the vulnerability?
- Location — Where in the code is it?
- Impact — What could be exploited?
- Reproduction — How can we verify it?

We will respond within 48 hours and work with you on a patch.

- Always run with proper authentication (Azure managed identity or service principal)
- Use TLS/HTTPS for all API calls
- Rotate credentials regularly
- Enable audit logging for all tenant blocking actions
- Monitor exit codes for anomalies in CI/CD pipelines
- Use network policies to restrict APIM API access

- Store `AZURE_CLIENT_SECRET` in secure secret managers (GitHub Secrets, Azure Key Vault, etc.)
- Never commit credentials to version control
- Use managed identities in Kubernetes when possible
- Implement credential rotation policies
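
The "never commit credentials" rule above is easiest to keep when it is enforced by a hook. The script below is an added example, not part of Centipede or of this policy: a POSIX shell check, usable as a git pre-commit hook, that refuses files containing a literal `AZURE_CLIENT_SECRET` value while allowing references to an environment variable or CI secret store. The assignment syntax it matches, the sample file contents and the hook invocation are assumptions.

```shell
#!/bin/sh
# Added example (not Centipede's own code): refuse files that carry a hard-coded
# AZURE_CLIENT_SECRET. Values that are references (${VAR}, ${{ secrets.X }}) start
# with '$', which the pattern deliberately excludes, so they pass.
# Pattern: the variable name, '=' or ':', then 8+ non-space, non-'$' characters.
SECRET_PATTERN='AZURE_CLIENT_SECRET[[:space:]]*[=:][[:space:]]*[^$[:space:]]{8,}'

# Return 1 (and print the offending line to stderr) when a literal secret is found
# in file $1, 0 otherwise. Assumption: one file per call.
scan_for_hardcoded_secret() {
  if grep -nE "$SECRET_PATTERN" "$1" >&2; then
    echo "refusing: literal AZURE_CLIENT_SECRET found in $1" >&2
    return 1
  fi
  return 0
}

# Scan every file staged for the next commit (added, copied or modified).
scan_staged_files() {
  rc=0
  for f in $(git diff --cached --name-only --diff-filter=ACM); do
    [ -f "$f" ] && { scan_for_hardcoded_secret "$f" || rc=1; }
  done
  return $rc
}

# Usage: check-secrets.sh FILE...        scan the named files
#        check-secrets.sh --staged      scan files staged in git (pre-commit hook)
# With no arguments the script only defines the functions above.
if [ "$#" -gt 0 ]; then
  if [ "$1" = "--staged" ]; then
    scan_staged_files
    exit $?
  fi
  rc=0
  for f in "$@"; do scan_for_hardcoded_secret "$f" || rc=1; done
  exit $rc
fi
```

Copy the script to `.git/hooks/pre-commit` (or call it with `--staged` from an existing hook) so that a commit containing a literal secret fails before it reaches the repository. The check is intentionally simple: it will also flag an 8-character placeholder such as `<from-vault>`, which is the safer direction for a hook to err.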

- Baseline files contain traffic patterns — protect with appropriate permissions
- Detection logs may contain sensitive tenant information
- Implement log retention policies
- Use encryption at rest for storage
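
The permission and retention items above can be checked mechanically rather than by policy alone. The following POSIX shell script is an added example, not Centipede's own tooling: it verifies that baseline and detection-log files are readable only by their owner and lists or deletes log files past a retention window. The directory layout, the `*.log` naming and the 30-day default are assumptions; this page does not describe where Centipede stores these files.

```shell
#!/bin/sh
# Added example (not Centipede's own code): operational checks for baseline files
# and detection logs. Paths, file names and the retention period are assumptions.

# Return 0 if file $1 is readable/writable only by its owner (group and other bits
# all zero), 1 otherwise. Uses GNU stat (Linux) and falls back to BSD stat (macOS).
file_is_owner_only() {
  f="$1"
  [ -f "$f" ] || return 1
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
  perm=$(printf '%s' "$mode" | tail -c 3)   # keep only the owner/group/other digits
  case "$perm" in
    ?00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Return 1 if any regular file directly under directory $1 is group- or
# world-accessible, printing each offender to stderr; 0 if all are owner-only.
audit_dir_perms() {
  rc=0
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    if ! file_is_owner_only "$f"; then
      echo "insecure permissions on $f" >&2
      rc=1
    fi
  done
  return $rc
}

# Print *.log files under $1 whose modification time is more than $2 days ago.
# Pass "delete" as $3 to remove them after printing (otherwise this is a dry run).
expired_logs() {
  dir="$1"; days="$2"; action="${3:-list}"
  if [ "$action" = "delete" ]; then
    find "$dir" -type f -name '*.log' -mtime +"$days" -print -delete
  else
    find "$dir" -type f -name '*.log' -mtime +"$days" -print
  fi
}

# Usage: data-checks.sh DIR [RETENTION_DAYS]   (dry run; no deletion)
# With no arguments the script only defines the functions above.
if [ "$#" -gt 0 ]; then
  audit_dir_perms "$1"
  echo "logs older than ${2:-30} days (not deleted):"
  expired_logs "$1" "${2:-30}"
fi
```

Run the script from cron or a CI job against the baseline and log directories; a non-zero exit from `audit_dir_perms` is the signal to investigate before the next detection run. Encryption at rest is not something a script like this can verify, so that item stays with the storage layer's configuration.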

- Baseline Dependency — Detection accuracy depends on clean baseline data
- Subtle Attacks — Attackers using stolen credentials at normal rates won't be detected
- Zero-Day Exploits — Logic bugs are not detected by behavioral analysis
- Silent Exfiltration — Slow data theft at normal request rates won't trigger alerts

See Production Readiness Assessment for complete threat model.