Security: TRANZACT/sysops.aws.securitygroup

SECURITY.md

Security Policy

Supported Versions

We actively support the following versions with security updates:

Version   Supported
1.0.x     Yes

Reporting a Vulnerability

We take the security of the AWS Security Group Analysis Tool seriously. If you discover a security vulnerability, please follow these steps:

1. DO NOT create a public GitHub issue

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

2. Report privately

Instead, please send an email to the project maintainers with:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any suggested fixes (if available)

3. Response timeline

  • We will acknowledge receipt of your vulnerability report within 48 hours
  • We will provide a detailed response within 7 days
  • We will work with you to understand and resolve the issue
  • We will notify you when the vulnerability is fixed

4. Responsible disclosure

We ask that you:

  • Give us reasonable time to fix the issue before public disclosure
  • Do not access, modify, or delete data that doesn't belong to you
  • Do not perform any destructive testing
  • Do not use the vulnerability for malicious purposes

Security considerations for users

AWS Credentials

  • Never commit AWS credentials to the repository
  • Use IAM roles and assume role functionality
  • Follow AWS security best practices for credential management
  • Regularly rotate access keys and review permissions

Network Security

  • Run analysis tools from secure networks
  • Use VPN when accessing AWS resources remotely
  • Ensure your local environment is properly secured

Data Handling

  • Treat exported CSV reports as sensitive: they contain security group information
  • Do not share detailed security analysis reports publicly
  • Store analysis results securely and delete when no longer needed

Tool Usage

  • This tool is designed for READ-ONLY analysis
  • Verify you have proper authorization before analyzing AWS accounts
  • Follow your organization's security policies and procedures

Security features of the tool

  • READ-ONLY: The tool only reads AWS security group configurations
  • No modifications: Cannot modify any AWS resources
  • Secure authentication: Uses AWS STS for cross-account access
  • No data storage: Does not store sensitive AWS data permanently
  • Audit logging: All analysis activities are logged
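As an added example (not part of this repository), the kind of check a user can run on the permission policy attached to the IAM role the tool assumes via STS, to confirm that the role grants only Describe/Get/List actions and therefore matches the tool's read-only design. Both policy documents below are constructed samples, not the project's own policies.

```python
import json

# Constructed sample of a permission policy for the role the tool assumes via STS:
# only Describe/Get/List actions, which is all a read-only analysis tool needs.
READ_ONLY_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces",
               "ec2:DescribeVpcs", "sts:GetCallerIdentity"],
    "Resource": "*"
  }]
}""")

# Constructed sample of the weak setting: a service wildcard plus a mutating action.
OVERLY_BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:AuthorizeSecurityGroupIngress"], "Resource": "*"}
  ]
}""")

READ_VERBS = ("Describe", "Get", "List")

def _as_list(value):
    # IAM accepts either a bare string or a list for Statement, Action and NotAction.
    return value if isinstance(value, list) else [value]

def non_read_only_actions(policy):
    """Return allowed actions that are not Describe/Get/List calls.
    Wildcards and NotAction grants are reported too, since both can cover mutating calls."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
            continue
        for action in _as_list(stmt.get("Action", [])):
            _service, _, verb = action.partition(":")
            if "*" in action or not verb.startswith(READ_VERBS):
                findings.append(action)
    return findings

def is_read_only(policy):
    return not non_read_only_actions(policy)

if __name__ == "__main__":
    for name, pol in (("read-only", READ_ONLY_POLICY), ("broad", OVERLY_BROAD_POLICY)):
        print(name, "OK" if is_read_only(pol) else non_read_only_actions(pol))
```

The same function can be pointed at a policy document fetched with the IAM API before the role is handed to the tool.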

Compliance

This tool helps identify security issues, but users are responsible for:

  • Ensuring compliance with their organization's policies
  • Following AWS security best practices
  • Properly managing access to the tool and its outputs
  • Regular security reviews and updates
