- Add core CLI functionality (save, run, update, delete, list, show, search)
- Implement JSON-based storage in ~/.tolo/tolo.db.json
- Add beautiful terminal UI with colors and icons
- Support command shortcuts (s, r, u, d, ls, l, sh, se, h, v)
- Add Bash and Zsh shell completion
- Include comprehensive documentation (README, CONTRIBUTING, SECURITY)
- Set up CI/CD workflows with GitHub Actions
- Add installation script and Makefile for build automation
- MIT License
Made with ❤️ at Zemenawi Lab
Security Policy
Supported Versions
Only the latest version of Tolo receives security updates and bug fixes. Users are strongly encouraged to keep Tolo updated to the latest version.
Reporting a Vulnerability
If you discover a security vulnerability in Tolo, please report it responsibly.
How to Report
- Do not create a public issue
- Send an email to: security@selamanapps.com
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
What Happens Next?
- You will receive an acknowledgment within 48 hours
- We will investigate the vulnerability
- We will work with you to develop a fix
- Once fixed, we will coordinate the disclosure
Security Best Practices
File Permissions
Tolo stores aliases in ~/.tolo/tolo.db.json. Restrict this file so that only your own user can read and write it:
chmod 600 ~/.tolo/tolo.db.json
Sensitive Information
- Avoid storing passwords or API keys directly in aliases
- Use environment variables for sensitive data
- Be careful with commands that contain credentials
Command Execution
Tolo executes commands exactly as saved. Always verify aliases before running:
tolo show alias-name
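An added example, not part of Tolo or its documentation: a shell function that checks the file-permission, sensitive-information and command-execution practices above in one pass. The name `tolo_audit`, the credential pattern and the `chmod 700` suggestion for the directory are assumptions of this example, and the file is scanned as plain text because the page does not describe the JSON schema.

```sh
# Added example (not Tolo's own code): audit the alias store described above.
# Schema-agnostic: it reads the JSON file as plain text lines.

# Octal permission bits: GNU stat first, BSD/macOS stat as fallback.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

tolo_audit() {
    db=${1:-"$HOME/.tolo/tolo.db.json"}
    dir=$(dirname "$db")
    rc=0
    [ -f "$db" ] || { echo "missing: $db" >&2; return 2; }

    # Whoever can write this file decides what a saved alias executes.
    if [ -L "$db" ] || [ ! -O "$db" ]; then
        echo "FAIL: $db is a symlink or is not owned by you"; rc=1
    fi

    # File: no group/other bits at all (600 or stricter).
    fmode=$(mode_of "$db")
    case $fmode in
        0|*00) ;;
        *) echo "FAIL: $db has mode $fmode; run: chmod 600 $db"; rc=1 ;;
    esac

    # Directory: group/other write would let someone replace the file
    # even when the file itself is 600.
    dmode=$(mode_of "$dir")
    case $dmode in
        *[2367]?|*[2367]) echo "FAIL: $dir has mode $dmode; run: chmod 700 $dir"; rc=1 ;;
    esac

    # Literal credentials: NAME=value where value is not a $VARIABLE.
    # Only line numbers are printed, never the matched text.
    pat='(passw(or)?d|secret|token|api[_-]?key)[a-z_]*=(\\?")?[^ $"\\]'
    hits=$(grep -nEi "$pat" "$db" | cut -d: -f1 | paste -sd, -)
    if [ -n "$hits" ]; then
        echo "FAIL: credential-like literal in $db on line(s) $hits"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $db"
    return "$rc"
}
```

Source the file and run `tolo_audit` with no argument to check the default location; it returns 0 when clean, 1 on any finding and 2 when the file is missing.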
Dependency Security
Tolo is built with pure Go and minimal dependencies. We regularly update dependencies to address security issues. The project uses GitHub Dependabot for automated dependency updates.
Security Features
- No remote network calls - Tolo runs entirely locally
- File-based storage - No database servers
- Simple JSON format - Easy to audit
- No external dependencies - Minimal attack surface