Report any security vulnerabilities you find according to these guidelines.
- Please adhere to the Code of Conduct at all times.
- If you discover a vulnerability, report it directly to the maintainers, preferably through GitHub's Private Vulnerability Reporting.
- If you cannot find a way to report it, or have received no response after repeated attempts, contact the creators directly.
Thank you.
This project strives to implement Open Source Security Foundation (OSSF) Best Practices.
Some of the security measures undertaken in this project include:
- OSSF Scorecard
- Security file
- Security Insights Specification as defined here
- Security Self Assessment
- Security Dependencies Policy
- Renovate Bot for automated dependency updates
- Software Bills of Materials (SBOMs)
- Sigstore signing as seen here
- GitHub Actions CI/CD pipelines with minimal permissions
- GitHub Actions CI/CD pipelines hardened via Harden Runner
- Pre-commit hooks for local code quality and security verification
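As an illustration of the two pipeline measures above (minimal permissions and Harden Runner), here is an added example workflow. It is not this project's own workflow: the workflow name, the job layout, the `./scripts/test.sh` entry point and the egress allow-list are assumptions made for the example, and a real workflow following OSSF Scorecard guidance would pin every action to a full commit SHA rather than the version tags shown here.

```yaml
name: ci   # hypothetical workflow name

on:
  pull_request:
  push:
    branches: [main]

# Workflow-wide default: the GITHUB_TOKEN gets no scopes at all.
# Each job must then request only the scopes it actually needs.
permissions: {}

jobs:
  test:
    runs-on: ubuntu-latest
    permissions:
      contents: read   # the only scope actions/checkout needs for a public or readable repo
    steps:
      # Harden Runner must be the first step so it observes every later step.
      # egress-policy: block drops any outbound connection not in allowed-endpoints,
      # which is what stops a compromised dependency or action from exfiltrating secrets.
      # Start with egress-policy: audit to learn the real endpoint list, then switch to block.
      - name: Harden Runner
        uses: step-security/harden-runner@v2   # assumption: pin to a full commit SHA in a real workflow
        with:
          egress-policy: block
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            objects.githubusercontent.com:443

      - name: Check out source
        uses: actions/checkout@v4   # assumption: pin to a full commit SHA in a real workflow

      - name: Run tests
        run: ./scripts/test.sh   # hypothetical test entry point
```

With `permissions: {}` at the top level, a job that never asks for `contents: write` or `id-token: write` cannot push, release or mint OIDC tokens even if a step in it is hijacked; with `egress-policy: block`, any attempt to reach a host outside the allow-list fails and is reported in the Harden Runner job summary, which is the check to review after a dependency or action update.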