Project: checkcle
checkcle is a self-hosted uptime and server monitoring tool built with TypeScript and Go.
We care about the security and privacy of users running this project in production environments.
If you believe you have found a security vulnerability in this project:
- DO NOT open a public issue to report it.
- Please report it responsibly via one of the following methods:
Preferred: Report a Vulnerability via GitHub
- Use the GitHub security advisory form (private and secure).
- Attach as much detail as possible:
  - Description of the issue
  - Affected version or commit hash
  - Reproduction steps
  - Impact and any potential mitigations
  - Logs or screenshots (if available)
- Email: security@checkcle.io
  - Optionally include a PGP public key for encrypted messages
We aim to respond within 3–5 business days.
We support the latest stable release of checkcle. Security patches may also be applied to recent versions at our discretion.
Version | Supported |
---|---|
main (latest) | Yes |
Older versions | |
Pre-release or forks | No |
CheckCle follows these practices to improve overall security:
- Regular vulnerability scanning (npm audit for JavaScript dependencies, govulncheck for Go modules)
- Dependency pinning (package-lock.json and Go modules)
- Type-safe code in TypeScript and memory-safe design in Go
- Continuous testing and CI pipelines
- No data is stored or transmitted unless explicitly configured by the user
- All code contributions are reviewed before merging
- Outbound HTTPS requests: CheckCle agents perform outbound HTTPS connections to send metric data to the backend server. Avoid deploying in untrusted or high-risk environments without appropriate network policies and monitoring.
- The data may be lost upon system restarts or crashes. Always ensure that backup (pb_data) and recovery mechanisms are in place in production environments.
This project is released under the MIT License. Use at your own risk. The Creator and contributors are not liable for misuse, data loss, or operational impact resulting from use of the software.
We appreciate responsible disclosures from the community. Your efforts help us make the open-source ecosystem safer for everyone.
Thanks & Regards,
Tola Leng