| Version | Supported |
|---|---|
| 6.x.x | ✅ |
| < 6.0 | ❌ |
Please report vulnerabilities via GitHub Security Advisories.
This project implements several supply chain security measures:
- SBOM: Each release includes a CycloneDX Software Bill of Materials (sbom.json, sbom.xml) attached to the GitHub release
- Dependency Scanning: pip-audit runs on every CI build to detect known vulnerabilities
- Dependabot: Automated dependency updates are enabled for both Python packages and GitHub Actions
- Trusted Publishing: PyPI releases use trusted publishing via GitHub Actions OIDC
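A consumer-side check of the SBOM item above, added here as an example and not part of the project's own tooling: it parses a CycloneDX JSON document (the embedded `SAMPLE_SBOM` is constructed, not the project's real `sbom.json`), rejects non-CycloneDX or non-PyPI entries, and reports components that are missing locally or installed at a version other than the one the release declares.

```python
"""Compare a CycloneDX JSON SBOM from a release against the installed Python environment."""
import json
import re
from importlib.metadata import distributions

# Constructed sample in the CycloneDX 1.5 JSON shape; not the project's real sbom.json.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "urllib3", "version": "2.0.7",
         "purl": "pkg:pypi/urllib3@2.0.7"},
    ],
})

def normalize(name):
    """PEP 503 name normalization so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_sbom(text):
    """Return {normalized name: version} for every PyPI component in the SBOM.
    Raises ValueError for a non-CycloneDX document or a non-PyPI purl, so a
    wrong-ecosystem or malformed SBOM fails loudly instead of silently passing."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    comps = {}
    for comp in doc.get("components", []):
        purl = comp.get("purl", "")
        if not purl.startswith("pkg:pypi/"):
            raise ValueError(f"unexpected package ecosystem: {purl!r}")
        # purl = pkg:pypi/<name>@<version>[?qualifiers][#subpath]; trust the purl over 'name'
        name_ver = purl[len("pkg:pypi/"):].split("?")[0].split("#")[0]
        name, _, version = name_ver.partition("@")
        comps[normalize(name)] = version
    return comps

def installed_versions():
    """Snapshot of what is actually installed in this interpreter."""
    return {normalize(d.metadata["Name"]): d.version for d in distributions()}

def compare(sbom, installed):
    """Report SBOM components that are missing locally or differ in version."""
    findings = {}
    for name, version in sbom.items():
        local = installed.get(name)
        if local is None:
            findings[name] = ("missing", version, None)
        elif local != version:
            findings[name] = ("version-mismatch", version, local)
    return findings

if __name__ == "__main__":
    for name, finding in compare(parse_sbom(SAMPLE_SBOM), installed_versions()).items():
        print(name, *finding)
```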