| Version | Supported | Security Audit |
|---|---|---|
| 0.16.x | ✅ | v0.16.5 Audit (Score: 92/100) |
| 0.15.x | ✅ | - |
| 0.14.x | ✅ | - |
| < 0.14 | ❌ | - |

Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: security@supernovae.studio

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

| Stage | Timeline |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 7 days |
| Fix timeline shared | 14 days |
| Public disclosure | After fix released |

Nika implements the following security measures:
- cargo-audit: Dependency vulnerability scanning (578 crates, 0 CVEs)
- cargo-deny: License and advisory checks (deny.toml configured)
- cargo-geiger: Unsafe code inventory (weekly scans)
- CodeQL: Semantic SAST analysis (weekly)
- Semgrep: Pattern-based security scanning (weekly)
- ARMADA: 10 quality checkpoints for all PRs
- Zero unsafe blocks: Nika contains no `unsafe` code
- Zero CVEs: All dependencies verified safe
- 3,358 tests: Comprehensive test coverage
- Zero clippy warnings: Strict linting enabled
- OWASP Top 10 (2021): 8/8 applicable checks passed
- CWE Coverage: 6/6 applicable weaknesses mitigated
- SLSA Level: 2 (signed provenance)
- Latest Audit: v0.16.5 - Score 92/100 (Excellent)

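
As an added illustration of the cargo-deny check listed above (this is an example written for this page, not Nika's own `deny.toml`, which is not reproduced here), the following minimal `deny.toml` uses the cargo-deny 0.14+ configuration format (`version = 2` sections) to fail `cargo deny check` on known RustSec advisories and yanked crates, restrict dependencies to an explicit license allow-list, and reject crates that do not come from the crates.io index. The license list, the registry URL and the "warn" on duplicate versions are assumptions chosen for the example, not Nika's settings.

```toml
# Example deny.toml for cargo-deny (0.14+ format); assumed values, not Nika's config.

[advisories]
# Advisory handling: with version = 2, vulnerabilities, unmaintained and
# unsound advisories from the RustSec database fail the check by default.
version = 2
# Refuse crate versions that have been yanked from the registry.
yanked = "deny"
# Advisories accepted as not applicable go here, with a justification in review.
ignore = []

[licenses]
# License handling: with version = 2, any crate whose license is not in
# `allow` fails the check (there is no implicit allow of OSI/FSF licenses).
version = 2
# Assumed allow-list; extend it only after a license review.
allow = [
    "MIT",
    "Apache-2.0",
    "BSD-3-Clause",
    "ISC",
    "Unicode-DFS-2016",
]

[bans]
# Duplicate versions of one crate inflate the audited surface; flag them.
multiple-versions = "warn"
# Wildcard version requirements ("*") defeat reproducible dependency pinning.
wildcards = "deny"

[sources]
# Supply-chain source pinning: only the crates.io index is trusted by default.
unknown-registry = "deny"
unknown-git = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
```

Run `cargo deny check` in CI so that a new advisory for an already-pinned dependency fails the build rather than waiting for the next manual `cargo audit`; the `ignore` list is the only place an accepted advisory should be recorded, which keeps every exception visible in the repository history.
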
Nika will NEVER be version 1.0.0 or higher. This is by design:
- Perpetual 0.x.x enables continuous evolution
- SemVer 0.x allows breaking changes without drama
- See: FORTRESS Design

We thank the following security researchers:
No reports yet - be the first!