Security

SECURITY.md

Security Policy

Please do not publish secrets, tokens, customer data or exploitable configuration details in issues or pull requests.

Coordinated handling

Use private channels for sensitive findings
Provide reproducible steps with redacted evidence
Describe affected versions, environments and prerequisites
Include proposed mitigations or containment options when possible

Operational expectations

Rotate exposed credentials immediately
Review impacted automation identities
Revalidate logs, alerts and recovery paths after remediation

There aren’t any published security advisories