| Repository | Version | Supported |
|---|---|---|
| bioquery-api | latest | ✅ |
| bioquery-frontend | latest | ✅ |
| bioquery-py | >= 0.1.0 | ✅ |
| bioquery-docs | latest | ✅ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email security concerns to: security@bioquery.io
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: We will assess the vulnerability and determine its severity
- Updates: We will keep you informed of our progress
- Resolution: We aim to resolve critical vulnerabilities within 7 days
- Credit: We will credit you in the release notes (if desired)

This security policy applies to:
- BioQuery API (https://api.bioquery.io)
- BioQuery Web App (https://bioquery.io)
- BioQuery Python SDK (pip install bioquery)
- BioQuery Documentation (https://docs.bioquery.io)

The following are out of scope:
- Vulnerabilities in third-party dependencies (report these to the respective maintainers)
- Social engineering attacks
- Physical attacks
- Denial of service attacks

When contributing to BioQuery:
- Never commit secrets - Use environment variables for API keys and credentials
- Validate inputs - Always validate user inputs on both client and server
- Use parameterized queries - Prevent SQL injection in BigQuery operations
- Keep dependencies updated - Regularly update dependencies to patch known vulnerabilities
- Follow least privilege - Request only necessary permissions
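
An added example (not code from the BioQuery repositories) of the input-validation and parameterized-query guidelines, using the google-cloud-bigquery client: values are bound as `@` parameters, and the table name, which BigQuery cannot bind as a parameter, is picked from an allowlist. The dataset, table, column and function names and the gene-symbol format are hypothetical.

```python
import math
import re

# Hypothetical dataset/table names. BigQuery binds values only, never
# identifiers, so the table is chosen from a fixed allowlist.
ALLOWED_TABLES = {
    "expression": "bioquery_demo.expression",
    "mutations": "bioquery_demo.mutations",
}
GENE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")  # assumed symbol format


def build_gene_query(table_key, genes, min_value=0.0):
    """Validate inputs and return (sql, params).

    params holds (name, kind, bigquery_type, value) tuples; no user-supplied
    value is ever formatted into the SQL text.
    """
    if table_key not in ALLOWED_TABLES:
        raise ValueError(f"unknown table: {table_key!r}")
    genes = list(genes)
    if not genes or not all(isinstance(g, str) and GENE_RE.fullmatch(g) for g in genes):
        raise ValueError("invalid gene symbol")
    if isinstance(min_value, bool) or not isinstance(min_value, (int, float)) \
            or not math.isfinite(min_value):
        raise ValueError("min_value must be a finite number")
    sql = (
        "SELECT sample_id, gene, value "
        f"FROM `{ALLOWED_TABLES[table_key]}` "
        "WHERE gene IN UNNEST(@genes) AND value >= @min_value"
    )
    return sql, [("genes", "array", "STRING", genes),
                 ("min_value", "scalar", "FLOAT64", float(min_value))]


def run_query(client, sql, params):
    """Run on a google.cloud.bigquery.Client (library imported lazily)."""
    from google.cloud import bigquery
    bound = [
        bigquery.ArrayQueryParameter(name, bq_type, value) if kind == "array"
        else bigquery.ScalarQueryParameter(name, bq_type, value)
        for name, kind, bq_type, value in params
    ]
    job_config = bigquery.QueryJobConfig(query_parameters=bound)
    return client.query(sql, job_config=job_config).result()
```
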

For security questions or concerns:
- Email: security@bioquery.io
- GitHub Security Advisories: Create a private advisory