If you discover a security vulnerability, please open a GitHub Security Advisory rather than a public issue.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

All reports will be acknowledged and addressed promptly.

This container runs as a non-root user (UID/GID 1000) by default.

Recommended Kubernetes deployment:

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```

- Do not store secrets in plaintext — use env vars or a secrets manager for `UNIFI_API_KEY` and `UNIFI_PASSWORD`
- Restrict network exposure — Greenlight should only be accessible on your local network, not the public internet
- Use API key authentication over username/password when possible
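
The recommendations above combined in one Deployment, as an added example that is not the project's own manifest: the security context sits at the container level, and `UNIFI_API_KEY` is read from a Kubernetes Secret instead of a plaintext value. The image reference, resource names, Secret name and key, and the writable `/tmp` mount are assumptions to replace with your own values.

```yaml
# Added example. Placeholders and assumptions are marked inline.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: greenlight                  # assumed resource name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: greenlight
  template:
    metadata:
      labels:
        app: greenlight
    spec:
      containers:
        - name: greenlight
          image: REGISTRY/OWNER/greenlight:latest   # placeholder image reference
          env:
            # Pull the API key from a Secret rather than writing it in the manifest.
            - name: UNIFI_API_KEY
              valueFrom:
                secretKeyRef:
                  name: greenlight-unifi   # assumed Secret name
                  key: api-key             # assumed key inside that Secret
          # Container-level context: readOnlyRootFilesystem,
          # allowPrivilegeEscalation and capabilities are not valid at pod level.
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            # Assumption: with a read-only root filesystem the process may still
            # need scratch space; an emptyDir gives it a writable /tmp.
            - name: tmp
              mountPath: /tmp
      volumes:
        - name: tmp
          emptyDir: {}
```
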
- Based on `node:24-alpine` (minimal attack surface)
- npm, yarn, and corepack are stripped from the runtime image
- Images are signed and built via GitHub Actions — verify with `cosign` if needed

| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |