If you discover a security vulnerability in this project, please report it using GitHub's private vulnerability reporting. Go to the Security tab of this repository and click Report a vulnerability.
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Note: This is a community project, not a commercially supported product. Security reports are handled by project maintainers on a best-effort basis.
SDG is designed so that a standard deployment holds no long-lived secrets:
- The app runs as its own Databricks service principal; Databricks Apps injects its OAuth credentials into the container at runtime — they are never stored in code or config.
- Lakebase (Postgres) passwords are short-lived OAuth tokens minted on demand and never persisted or logged.
- Users reach the app only through the workspace's authenticated proxy; the forwarded user identity is used solely as an audit label, never as a credential.
- What the app can read and write in Unity Catalog is bounded entirely by the grants you give its service principal.
- Never commit
.envfiles, tokens, or workspace-specific identifiers to version control - Grant the app's service principal the minimum Unity Catalog privileges it needs — its catalog dropdowns expose exactly what it can see
- Remember that retained columns contain real data: synthetic columns are safe by construction, but review retain/mask/synthesize choices against your data-handling policies before sharing exports
- Keep Flask debug mode off in any shared deployment (it is off by default;
FLASK_DEBUG=1is for local development only) - Restrict who can access the app via the app's permission settings in your workspace
- Keep dependencies current —
pip list --outdated/npm auditperiodically