Report any security vulnerabilities you find according to the guidelines below.
- Please adhere to the Code of Conduct at all times.
- If you discover a vulnerability, report it privately to the code maintainers, preferably through GitHub's Private Vulnerability Reporting, rather than in a public issue or pull request.
- If you cannot find a way to report it, or have received no response after repeated attempts, contact the creators directly.
Thank you.
This project implements parts of the Open Source Security Foundation (OpenSSF) Best Practices.
Security measures undertaken in this project include:
- A security policy file
- A Security Insights Specification manifest, as defined here
- A security self-assessment
- A security dependencies policy
- GitHub Actions CI/CD pipelines that run with minimal (least-privilege) `GITHUB_TOKEN` permissions
- GitHub Actions CI/CD pipelines hardened with Harden Runner (runtime monitoring and filtering of the runner's outbound network traffic)
- Pre-commit hooks for local code quality verification
- Appropriate repository security settings, e.g. branch protection rulesets
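As an added illustration of the two CI/CD items above, and not a workflow taken from this project, the following GitHub Actions job combines a read-only token with Harden Runner in blocking mode. The workflow name, the allowed endpoints and the build command are assumptions; replace them with whatever the pipeline actually needs.

```yaml
# Added example, not this project's own workflow. Shows a least-privilege
# GitHub Actions job hardened with step-security/harden-runner.
name: ci  # assumed workflow name

on:
  pull_request:
  push:
    branches: [main]

# Workflow-wide default: a read-only GITHUB_TOKEN. Without this block the
# token inherits the repository default, which on older repositories is
# read-and-write on every scope. A job that genuinely needs more (e.g. a
# release job) requests it in its own `permissions:` block instead.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Harden Runner must be the first step so that every later step,
      # including checkout, runs under its egress policy.
      - name: Harden the runner
        uses: step-security/harden-runner@v2
        with:
          # Start with `audit` to learn which endpoints the job really
          # needs, then switch to `block` with an explicit allowlist.
          egress-policy: block
          disable-sudo: true
          # Assumed allowlist: GitHub itself plus whatever package
          # registry the build pulls from; anything else is blocked.
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            objects.githubusercontent.com:443

      - name: Check out source
        uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps.
          persist-credentials: false

      - name: Build and test
        run: make test  # assumed build command
```

Run the job once with `egress-policy: audit` and read the Harden Runner report to see which hosts were contacted; only then tighten to `block`, so that a compromised dependency or action cannot exfiltrate secrets to an unexpected endpoint without failing the build.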