SDK Security & Release Integrity
Crawlable summary of release controls and supply chain risk mitigation practices used by Siebly SDKs.
Security Program Snapshot
- All SDK repositories are public and auditable on GitHub.
- Pull requests are manually reviewed and merged by the engineering lead before release.
- End-to-end integration checks run against real API flows and auth variations.
- Dependency updates are kept conservative, with extra scrutiny on newly published versions.
- npm publishing uses trusted publishing: the release workflow authenticates to the registry with a short-lived OIDC identity token issued by CI, so no long-lived publish token is stored as a repository secret.
- Each published version carries a provenance attestation, so the package can be traced back to the source commit, tag and CI workflow run that built it.
Independent Verification
- Compare the npm release history against the GitHub tags each version links to.
- Consult npm's trusted publishing documentation for how OIDC-based publishing is configured and scoped.
- Consult npm's provenance documentation for how attestations are generated, stored and verified.
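The provenance bullet above says a version can be traced to its source and CI context, and the verification list leaves the actual check to the reader. The block below is an added example (not Siebly's code) showing what a practitioner checks inside an npm provenance attestation once its Sigstore signature has been verified by `npm audit signatures` or a sigstore client: the in-toto statement is decoded from the DSSE envelope, the subject digest is compared with the downloaded tarball, and the SLSA v1 claims are compared with the repository and tag you expect. The package name, repository URL, workflow path and hashes are constructed for illustration and are not real Siebly data.

```python
# Added example (not Siebly's code): check the claims inside an npm provenance
# attestation after its Sigstore signature has been verified elsewhere
# (`npm audit signatures` or a sigstore client). Package, repository and hashes
# used below are constructed for illustration.
import base64
import hashlib
import json

IN_TOTO_V1 = "https://in-toto.io/Statement/v1"
SLSA_V1 = "https://slsa.dev/provenance/v1"
GHA_BUILD_TYPE = "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1"


def decode_dsse_payload(envelope: dict) -> dict:
    """Return the in-toto statement carried by a DSSE envelope (signature not checked here)."""
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError(f"unexpected payloadType {envelope.get('payloadType')!r}")
    return json.loads(base64.b64decode(envelope["payload"]))


def check_provenance(statement: dict, *, package: str, tarball: bytes, repo_url: str) -> list:
    """Return the claims that did not hold; an empty list means the build is as expected."""
    problems = []
    if statement.get("_type") != IN_TOTO_V1:
        problems.append(f"statement type {statement.get('_type')!r}")
    if statement.get("predicateType") != SLSA_V1:
        problems.append(f"predicateType {statement.get('predicateType')!r}")
        return problems  # the field layout below is specific to SLSA v1

    # 1. The subject must be this exact tarball: purl name plus hex sha512 of the bytes.
    want = hashlib.sha512(tarball).hexdigest()
    if not any(s.get("name") == package and s.get("digest", {}).get("sha512") == want
               for s in statement.get("subject", [])):
        problems.append("no subject matches the package name and tarball sha512")

    build = statement.get("predicate", {}).get("buildDefinition", {})
    run = statement.get("predicate", {}).get("runDetails", {})

    # 2. Built by the GitHub Actions build type, from the expected repository, on a tag ref.
    if build.get("buildType") != GHA_BUILD_TYPE:
        problems.append(f"buildType {build.get('buildType')!r}")
    workflow = build.get("externalParameters", {}).get("workflow", {})
    if workflow.get("repository") != repo_url:
        problems.append(f"workflow repository {workflow.get('repository')!r}")
    ref = workflow.get("ref", "")
    if not ref.startswith("refs/tags/"):
        problems.append(f"workflow ref {ref!r} is not a tag")

    # 3. The builder id must name a workflow inside that same repository.
    builder = run.get("builder", {}).get("id", "")
    if not builder.startswith(repo_url + "/.github/workflows/"):
        problems.append(f"builder id {builder!r} is not under {repo_url}")

    # 4. The checked-out source must be recorded as that repo at that ref with a commit digest.
    src = f"git+{repo_url}@{ref}"
    if not any(d.get("uri") == src and d.get("digest", {}).get("gitCommit")
               for d in build.get("resolvedDependencies", [])):
        problems.append(f"no resolvedDependencies entry for {src} with a gitCommit digest")
    return problems


# Constructed sample data (hypothetical package and repository, not real Siebly data).
SAMPLE_TARBALL = b"not a real tarball, just bytes to hash"
SAMPLE_PACKAGE = "pkg:npm/%40example/sdk@1.2.3"
SAMPLE_REPO = "https://github.com/example/sdk-js"


def make_statement(repo: str = SAMPLE_REPO, ref: str = "refs/tags/v1.2.3") -> dict:
    """Build a SLSA v1 statement shaped like the one npm records for a GitHub Actions publish."""
    return {
        "_type": IN_TOTO_V1,
        "subject": [{"name": SAMPLE_PACKAGE,
                     "digest": {"sha512": hashlib.sha512(SAMPLE_TARBALL).hexdigest()}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": GHA_BUILD_TYPE,
                "externalParameters": {"workflow": {
                    "ref": ref, "repository": repo, "path": ".github/workflows/release.yml"}},
                "resolvedDependencies": [{"uri": f"git+{repo}@{ref}",
                                          "digest": {"gitCommit": "0" * 40}}],
            },
            "runDetails": {"builder": {"id": f"{repo}/.github/workflows/release.yml@{ref}"}},
        },
    }


def sample_envelope(statement: dict) -> dict:
    """Wrap a statement the way the registry serves it: base64 payload inside a DSSE envelope."""
    return {"payloadType": "application/vnd.in-toto+json",
            "payload": base64.b64encode(json.dumps(statement).encode()).decode(),
            "signatures": []}  # real bundles carry Sigstore signatures here


if __name__ == "__main__":
    good = decode_dsse_payload(sample_envelope(make_statement()))
    print("expected build:", check_provenance(
        good, package=SAMPLE_PACKAGE, tarball=SAMPLE_TARBALL, repo_url=SAMPLE_REPO) or "ok")
    fork = decode_dsse_payload(sample_envelope(make_statement(repo="https://github.com/attacker/sdk-js")))
    print("fork publishing the same name:", check_provenance(
        fork, package=SAMPLE_PACKAGE, tarball=SAMPLE_TARBALL, repo_url=SAMPLE_REPO))
```

For a real package, fetch the bundle from the URL in `npm view <pkg>@<version> dist.attestations --json`, verify its signature with `npm audit signatures` or a sigstore client, then apply these claim checks to the decoded statement. The repository and tag-ref checks are the part that catches a legitimately signed attestation from the wrong source, such as a fork publishing under the same name; signature verification alone only proves the attestation was produced by some GitHub Actions workflow.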