Security: Patras3/camera-snapshot-processor

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
0.9.x
< 0.9

Security Model

Important: This integration relies primarily on Home Assistant's security model. Camera Snapshot Processor is a lightweight image processing layer that:

  • Does not store credentials (Home Assistant does)
  • Does not handle authentication (Home Assistant does)
  • Does not expose additional network endpoints
  • Simply processes images from cameras already configured in Home Assistant

The main security is provided by Home Assistant itself. This integration is as secure as your Home Assistant installation.

Reporting a Vulnerability

This is an open source hobby project maintained in spare time. If you find a security issue:

  1. For critical issues: Use GitHub Security Advisory
  2. For non-critical issues: Regular GitHub Issues are fine

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested fixes (optional)

Response Timeline

This is a hobby project, so:

  • Response: Best effort, when time allows
  • Fixes: Will be included in next scheduled release
  • Critical CVEs: May warrant immediate patch release if severe

We use automated tools (pip-audit, CodeQL, Dependabot) to catch known vulnerabilities, but fixes are released on a regular schedule rather than on an emergency basis (unless critical).

Automated Security Scanning

While this is a hobby project, we still care about security:

  • pip-audit: Daily scans for known CVEs in dependencies
  • CodeQL: Automated code analysis
  • Dependabot: Automatic PRs for dependency updates

These tools catch issues automatically, but fixes are released on a normal schedule.

Security Through Design

Minimal Attack Surface

  • Only one dependency: Pillow (Python Imaging Library)
  • No network listeners, no external services
  • No custom authentication or credential storage
  • Runs entirely within Home Assistant's security context

Home Assistant Integration

This integration inherits Home Assistant's security:

  • Authentication: Handled by Home Assistant
  • Credential Storage: Home Assistant's encrypted database
  • Template Execution: Home Assistant's sandboxed template engine
  • Network Security: Home Assistant's web server and SSL

What We Do

  • ✅ Redact credentials from debug logs
  • ✅ Validate user inputs
  • ✅ Use minimal dependencies
  • ✅ Automated CVE scanning

What Home Assistant Does

  • 🔐 User authentication
  • 🔐 Credential encryption
  • 🔐 Template sandboxing
  • 🔐 HTTPS/SSL
  • 🔐 Access control

Best Practices for Users

Most important: Keep Home Assistant updated!

Other tips:

  • Use strong camera passwords
  • Enable HTTPS on Home Assistant
  • Don't share RTSP URLs publicly
  • Review templates before adding them

Known Design Choices

  • Stream URLs forwarded as-is: Required for streaming to work
  • Credentials in logs: Automatically sanitized (shown as ***:***@)
  • Minimal validation: Relies on Home Assistant's validation
  • No caching: Always fresh images, no stale data
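The log sanitization described above (stream URLs forwarded as-is, but shown as `***:***@` in debug logs), as an added example that is not the integration's own code: a small `urllib`-based redactor that rewrites the userinfo of any URL before it is logged, plus a `logging.Filter` that applies it to every record. All function and class names here are my own, and the sample URLs are constructed.

```python
"""Redact URL credentials before they reach debug logs (added example, not project code)."""
import logging
import re
from urllib.parse import urlsplit, urlunsplit

# Matches anything that looks like scheme://... inside a free-text log message.
_URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://\S+")


def redact_url_credentials(url: str) -> str:
    """Replace the userinfo of a URL with ***:***@; leave credential-free URLs untouched."""
    parts = urlsplit(url)
    if parts.username is None and parts.password is None:
        return url  # nothing to redact (e.g. a token in the query string is not userinfo)
    # netloc is "userinfo@hostinfo"; keep only what follows the LAST '@', so a
    # password that itself contains '@' (or an IPv6 literal host) is handled correctly.
    hostinfo = parts.netloc.rsplit("@", 1)[1]
    return urlunsplit((parts.scheme, "***:***@" + hostinfo, parts.path, parts.query, parts.fragment))


def redact_message(text: str) -> str:
    """Apply redact_url_credentials to every URL found in a log message."""
    return _URL_RE.sub(lambda m: redact_url_credentials(m.group(0)), text)


class CredentialRedactingFilter(logging.Filter):
    """Attach to a logger or handler so credentials never reach any output target."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message with its args first, then redact the final string.
        record.msg = redact_message(record.getMessage())
        record.args = ()
        return True


if __name__ == "__main__":
    log = logging.getLogger("camera_snapshot_example")
    log.addFilter(CredentialRedactingFilter())
    logging.basicConfig(level=logging.DEBUG)
    # Constructed sample URL; the logged line shows rtsp://***:***@192.168.1.10:554/stream1
    log.debug("fetching snapshot from %s", "rtsp://admin:secret@192.168.1.10:554/stream1")
```

Note that only the userinfo is redacted: a secret carried in the query string (for example a `token=` parameter) passes through unchanged, so such URLs need a separate rule if a camera uses them.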

Contact

Found a bug or have a security concern?

Remember: This is a hobby project maintained in spare time. Be patient and kind! 😊