If you discover a security vulnerability in this project, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Please report security issues via the SAP Trust Center at https://www.sap.com/about/trust-center/security/incident-management.html.
Alternatively, you can email secure@sap.com.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 5 business days
- Resolution target: Varies by severity
This toolkit follows defense-in-depth principles:
- Credentials never reach the LLM — The MCP server holds secrets in process memory; only sanitized responses flow to the agent.
- Application credentials over passwords — Scoped, revocable, auditable.
- Keychain storage — Secrets retrieved via OS commands (`security find-generic-password` on macOS, `pass` on Linux), never stored in plaintext config.
- Response sanitization — The MCP server strips sensitive fields before returning results.
- Project-scoped access — All operations are scoped to the authenticated project.
- Audit trail — All actions are logged to Hermes with the credential identity.
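The keychain retrieval and response sanitization principles above, as an added illustration (not the toolkit's or the MCP server's own code). The `security`/`pass` command lines are real; the service and account names, the sensitive-field list and the injectable `run` hook are assumptions made for this example.

```python
import platform
import subprocess
from typing import Any, Callable

# Constructed list of field names the sanitizer strips; not the toolkit's own.
SENSITIVE_KEYS = {"password", "secret", "token", "application_credential_secret"}


def keychain_command(service: str, account: str) -> list[str]:
    """Build the OS keychain lookup: `security` on macOS, `pass` on Linux."""
    if platform.system() == "Darwin":
        # -w prints only the password, so nothing else lands on stdout
        return ["security", "find-generic-password", "-s", service, "-a", account, "-w"]
    return ["pass", "show", f"{service}/{account}"]


def run_command(cmd: list[str]) -> str:
    """Default runner: execute the lookup and return its stdout."""
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


def load_secret(service: str, account: str,
                run: Callable[[list[str]], str] = run_command) -> str:
    """Read a secret into process memory only. `run` is injectable (an assumption
    of this example) so the flow can be exercised without a real keychain."""
    return run(keychain_command(service, account)).strip()


def sanitize(value: Any, held_secrets: frozenset[str] = frozenset()) -> Any:
    """Strip sensitive fields by name, then redact any string that still carries a
    held secret value, so an unlisted field cannot leak it to the agent."""
    if isinstance(value, dict):
        return {k: sanitize(v, held_secrets) for k, v in value.items()
                if k.lower() not in SENSITIVE_KEYS}
    if isinstance(value, list):
        return [sanitize(v, held_secrets) for v in value]
    if isinstance(value, str) and any(s and s in value for s in held_secrets):
        return "[REDACTED]"
    return value
```

Only the return value of `sanitize` is handed to the agent; the secret itself lives in the server process and is never part of any response.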
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
This policy covers:
- The agent toolkit (skills, rules, knowledge)
- Plugin manifests and configuration
- The validation tooling
For vulnerabilities in the MCP server itself, please report to the openstack-mcp-server repository.