If you discover a security issue in dbt-semguard, please use GitHub Security Advisories/private vulnerability reporting as the primary disclosure channel for this repository.

If GitHub private reporting is unavailable for your report, contact rivero4javier@outlook.es and include:

• a clear description of the issue
• affected versions or tags
• reproduction steps or a proof of concept
• any suggested mitigation if you already have one

Please do not open a public GitHub issue for unpatched vulnerabilities.

Best-effort response goals for this project:

• acknowledgement within 5 business days
• triage and severity assessment after reproduction
• coordinated disclosure once a fix or mitigation is available

This policy covers:

• the published GitHub Action
• the CLI package and repository source
• release artifacts produced from this repository