Security Policy Reporting a Vulnerability Please report security issues privately to the organization security contact or CTO. Do not create public GitHub issues for vulnerabilities. Secrets Never commit credentials, tokens, or keys. Use GitHub Encrypted Secrets or a secret manager.