This document outlines the security reporting and responsible disclosure process for the AutoAudit project.
Security-related changes should be reviewed through pull requests before merging into protected branches.

| Branch | Status |
|---|---|
| main | Active |
| feature branches | Development |

If you discover a security vulnerability within AutoAudit, please report it privately to the project maintainers.
Please include:

- A description of the issue
- Steps to reproduce the issue
- Potential impact
- Relevant screenshots or logs if available

Do not publicly disclose vulnerabilities through GitHub issues or discussions until they have been reviewed by the maintainers.
Security-related pull requests and changes should be reviewed before merging.
The project uses GitHub-based workflows and security scanning processes to support secure development practices.
Dependencies and code changes should be reviewed regularly to support secure development and reduce risk from vulnerable packages or insecure code patterns.
Security issues should be handled responsibly to protect users, contributors, and project infrastructure while allowing maintainers time to investigate and resolve reported issues.