Please do not report security vulnerabilities through public GitHub issues.
Instead, please email security concerns to the repository maintainers directly.
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will respond within 48 hours and work with you to address the issue.
- Never commit secrets or credentials
- Use GitHub Secrets for CI/CD credentials
- Keep dependencies updated
- Run security scanning (Gitleaks, Dependabot)
- Follow principle of least privilege
Security updates are provided for the latest release.