You can help improve the security of the WeGIA project by analyzing the code during the design phase, running a local instance on your computer, or using the public test server.
🚨Please do not submit vulnerabilities through other means like VulnDB plataform. Our vulnerability disclosure policy is fully centered on GitHub Advisory.🚨
To test WeGIA’s code during the design phase, clone the repository and use static analysis tools. Here are some suggestions:
- mn-analise
- Read the whitepaper: An extension for VSCode that uses ChatGPT as a tool to support secure software development
- Available on the Visual Studio Marketplace
You can use a virtual machine with WeGIA pre-installed to run your security tests.
-
VirtualBox
- Prerequisite: Install VirtualBox
- Download the WeGIA Virtual Machine
- Username:
wegia - Password:
wegia
- Username:
- Watch the WeGIA VM tutorial on YouTube
-
Local Installation
Follow the installation instructions
You can use a public server with WeGIA pre-installed to run your security tests.
The following table indicates which versions of WeGIA receive security updates:
| Version | Supported |
|---|---|
| ≥ 3.6 | ✅ Yes |
| < 3.6 | ❌ No |
Only versions 3.4 and above are actively maintained for security.
If you discover a security vulnerability in WeGIA, we encourage responsible disclosure.
- Preferred method: Submit a private advisory via GitHub.
- GitHub Security Advisory: https://github.com/LabRedesCefetRJ/WeGIA/security/advisories
- Alternative contact: Send an email to
labredes@grupo.cefet-rj.br
Please include the following details if possible:
- Description of the issue
- Steps to reproduce
- Affected version(s)
- Potential impact
We aim to respond within 72 business hours.
Thank you for helping to keep WeGIA secure.