This document provides an overview of the security architecture.

• All incoming webhooks may provide secret header. It depends on your configuration.
• REST API:
  • Requires authentication
  • Request size is limited to 256 KB
• Project uses sqlite to store data in file kwp.db. You can switch it to in memory mode by setting DATABASE_URL environment variable to sqlite::memory:.

• We use Alpine Linux as the base image, which is a lightweight and secure Linux distribution. We also use Docker Compose to manage our services, which provides a secure and isolated environment for our application.
• Rootless container image with uid/gid recommended for Kubernetes.
• The latest trivy scan report is here.

• Use TLS
• Use secrets for webhooks