The Microsoft Sovereign Cloud Brain Trek team takes security seriously. We appreciate your efforts to responsibly disclose your findings.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via email to the repository maintainer or through GitHub's private vulnerability reporting feature.
| Version | Supported |
|---|---|
| Current (main branch) | ✅ |
| Previous releases | ❌ |
This repository contains training documentation only and does not include:
- Production code or deployable applications
- Secrets, credentials, or API keys
- Customer data or personally identifiable information (PII)
When contributing to this repository:
- Never commit secrets — Use environment variables or Azure Key Vault references in examples
- Sanitize examples — Ensure all code samples use placeholder values
- Review dependencies — Keep Ruby gems and npm packages updated
- Follow Microsoft guidelines — Adhere to Microsoft Security Development Lifecycle
When following the hands-on labs:
- Use test environments — Never use production subscriptions for labs
- Clean up resources — Delete lab resources after completion to avoid costs
- Rotate credentials — If you accidentally expose any credentials, rotate them immediately
- Follow least privilege — Use minimal permissions for lab exercises
The content in this repository references Microsoft's official security documentation:
- Microsoft Security Best Practices
- Azure Security Documentation
- Zero Trust Architecture
- Microsoft Cloud for Sovereignty
This project uses GitHub Dependabot to monitor and update dependencies. Security updates are prioritized and typically addressed within 48 hours.
For security concerns, contact the repository maintainer through GitHub.
Last Updated: November 2025