SECURITY // CONTROLS

Security Program

A summary of the controls we use to keep the website, the admin flow and the open-source delivery pipeline defensible.

Dependency audit
0

Known npm vulnerabilities after production audit.

Admin backend
Cloudflare

Pages Function with origin-aware CORS and optional Turnstile.

Headers
CSP/HSTS

Security headers managed through Cloudflare Pages.

Application controls

The public site is statically prerendered and served through Cloudflare Pages. The admin API is isolated as a server-side Pages Function.

  • Content Security Policy and frame protection
  • Same-origin admin API route
  • No client-side GitHub token exposure

Admin hardening

Administrative writes are authenticated server-side before GitHub content updates are allowed.

  • Constant-time credential comparison
  • Optional Turnstile verification
  • Short-lived session token support
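
An added example, not the site's own code: a JavaScript sketch of how an origin-aware CORS check and a constant-time credential comparison can gate an admin write before any content update runs. The allowlist, request shape, function names and secret values are assumptions constructed for illustration.

```javascript
// Added illustration. ALLOWED_ORIGINS, the request shape and all values are
// assumptions constructed for this example, not the site's actual code.
const ALLOWED_ORIGINS = new Set(["https://admin.example.test"]);

// Compare two strings without stopping at the first differing byte. The loop
// always covers the longer input and the length difference is folded into diff.
function constantTimeEqual(a, b) {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    diff |= (x[i] | 0) ^ (y[i] | 0); // out-of-range index reads as 0
  }
  return diff === 0;
}

// CORS headers for one request: the Origin is echoed only when allowlisted,
// "*" is never sent, and Vary: Origin stops caches mixing per-origin responses.
function corsHeaders(origin) {
  const headers = { Vary: "Origin" };
  if (ALLOWED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Methods"] = "POST, OPTIONS";
    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
  }
  return headers;
}

// Decide the outcome of an admin write before any content update is attempted.
// req is a plain object { method, origin, authorization } so this runs offline.
function gateAdminWrite(req, expectedSecret) {
  const headers = corsHeaders(req.origin);
  // Fail closed if the secret is not configured, so "" can never match "".
  if (!expectedSecret) return { status: 500, headers };
  // Policy choice in this sketch: a missing or unlisted Origin is refused.
  if (!ALLOWED_ORIGINS.has(req.origin)) return { status: 403, headers };
  if (req.method === "OPTIONS") return { status: 204, headers };
  if (req.method !== "POST") return { status: 405, headers };
  const presented = (req.authorization || "").replace(/^Bearer /, "");
  const ok = constantTimeEqual(presented, expectedSecret);
  return { status: ok ? 200 : 401, headers };
}
```

On Cloudflare Workers, `crypto.subtle.timingSafeEqual` can replace the manual loop for equal-length byte buffers.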

Disclosure

Security reports should be sent directly to the maintainers with reproduction steps and affected URLs.

  • Email: iletisim@kernelguard.net
  • No public exploit disclosure before triage
  • GitHub issues for non-sensitive bugs