fed8b2eed7
Backend release / release (push) Waiting to run
Bandit Security Scan / bandit_scan (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push multi-arch DocsGPT Docker image / manifest (push) Blocked by required conditions
Build and push DocsGPT FE Docker image for development / build (linux/amd64, ubuntu-latest, amd64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / build (linux/arm64, ubuntu-24.04-arm, arm64) (push) Waiting to run
Build and push DocsGPT FE Docker image for development / manifest (push) Blocked by required conditions
Python linting / ruff (push) Waiting to run
Run python tests with pytest / Run tests and count coverage (3.12) (push) Waiting to run
React Widget Build / build (push) Waiting to run
4.7 KiB
4.7 KiB
DocsGPT Incident Response Plan (IRP)
This playbook describes how maintainers respond to confirmed or suspected security incidents.
- Vulnerability reporting:
SECURITY.md - Non-security bugs/features:
CONTRIBUTING.md
Severity
| Severity | Definition | Typical examples |
|---|---|---|
| Critical | Active exploitation, supply-chain compromise, or confirmed data breach requiring immediate user action. | Compromised release artifact/image; remote execution. |
| High | Serious undisclosed vulnerability with no practical workaround, or CVSS >= 7.0. | key leakage; prompt injection enabling cross-tenant access. |
| Medium | Material impact but constrained by preconditions/scope, or a practical workaround exists. | Auth-required exploit; dependency CVE with limited reachability. |
| Low | Defense-in-depth or narrow availability impact with no confirmed data exposure. | Missing rate limiting; hardening gap without exploit evidence. |
Response workflow
1) Triage (target: initial response within 48 hours)
- Acknowledge report.
- Validate on latest release and
main. - Confirm in-scope security issue vs. hardening item (per
SECURITY.md). - Assign severity and open a draft GitHub Security Advisory (GHSA) (no public issue).
- Determine whether root cause is DocsGPT code or upstream dependency/provider.
2) Investigation
- Identify affected components, versions, and deployment scope (self-hosted, cloud, or both).
- For AI issues, explicitly evaluate prompt injection, document isolation, and output leakage.
- Request a CVE through GHSA for Medium+ issues.
3) Containment, fix, and disclosure
- Implement and test fix in private security workflow (GHSA private fork/branch).
- Merge fix to
main, cut patched release, and verify published artifacts/images. - Patch managed cloud deployment (
app.docsgpt.cloud) and other deployments as soon as validated. - Publish GHSA with CVE (if assigned), affected/fixed versions, CVSS, mitigations, and upgrade guidance.
- Critical/High: coordinate disclosure timing with reporter (goal: <= 90 days) and publish a notice.
- Medium/Low: include in next scheduled release unless risk requires immediate out-of-band patching.
4) Post-incident
- Monitor support channels (GitHub/Discord) for regressions or exploitation reports.
- Run a short retrospective (root cause, detection, response gaps, prevention work).
- Track follow-up hardening actions with owners/dates.
- Update this IRP and related runbooks as needed.
Scenario playbooks
Supply-chain compromise
- Freeze releases and investigate blast radius.
- Rotate credentials in order: Docker Hub -> GitHub tokens -> LLM provider keys -> DB credentials ->
JWT_SECRET_KEY->ENCRYPTION_SECRET_KEY->INTERNAL_KEY. - Replace compromised artifacts/tags with clean releases and revoke/remove bad tags where possible.
- Publish advisory with exact affected versions and required user actions.
Data exposure
- Determine scope (users, documents, keys, logs, time window).
- Disable affected path or hotfix immediately for managed cloud.
- Notify affected users with concrete remediation steps (for example, rotate keys).
- Continue through standard fix/disclosure workflow.
Critical regression with security impact
- Identify introducing change (
git bisectif needed). - Publish workaround within 24 hours (for example, pin to known-good version).
- Ship patch release with regression test and close incident with public summary.
AI-specific guidance
Treat confirmed AI-specific abuse as security incidents:
- Prompt injection causing sensitive data exfiltration (from tools that don't belong to the agent) -> High
- Cross-tenant retrieval/isolation failure -> High
- API key disclosure in output -> High
Secret rotation quick reference
| Secret | Standard rotation action |
|---|---|
| Docker Hub credentials | Revoke/replace in Docker Hub; update CI/CD secrets |
| GitHub tokens/PATs | Revoke/replace in GitHub; update automation secrets |
| LLM provider API keys | Rotate in provider console; update runtime/deploy secrets |
| Database credentials | Rotate in DB platform; redeploy with new secrets |
JWT_SECRET_KEY |
Rotate and redeploy (invalidates all active user sessions/tokens) |
ENCRYPTION_SECRET_KEY |
Rotate and redeploy (re-encrypt stored data if possible; existing encrypted data may become inaccessible) |
INTERNAL_KEY |
Rotate and redeploy (invalidates worker-to-backend authentication) |
Maintenance
Review this document:
- after every Critical/High incident, and
- at least annually.
Changes should be proposed via pull request to main.