| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability in this project, please report it responsibly:
- Do not open a public GitHub issue
- Email the maintainer directly or use GitHub's private vulnerability reporting
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

Response timeline:
- Acknowledgment: within 48 hours
- Initial assessment: within 1 week
- Resolution: depends on severity (critical: ASAP, high: 2 weeks, medium/low: next release)

This repository provides templates that follow security best practices:
- Dependency scanning with Dependabot
- Code scanning with CodeQL (for public repos or GHAS-enabled private repos)
- Container scanning with Trivy
- SBOM generation for supply chain transparency
- OpenSSF Scorecard for security posture assessment
We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.