This repository is the source for the static marketing/devtool site at https://scheduling-bridge.tinyland.dev. The site itself is purely static — no server runtime, no user accounts, no inbound data, no analytics.
Until a public security email is published, please report security issues against this site via a private GitHub security advisory on this repository:
https://github.com/tinyland-inc/scheduling-bridge.tinyland.dev/security/advisories/new
For vulnerabilities in the scheduling-bridge engine itself (the
upstream project that this site is about), report against the canonical
source repo instead:
https://github.com/Jesssullivan/scheduling-bridge/security/advisories/new
In scope for this repository:
- Build / CI supply-chain issues
- Static site content that misrepresents the security posture of scheduling-bridge
- Secrets accidentally committed to history
- Third-party dep vulnerabilities affecting the build pipeline
Out of scope:
- Cosmetic / SEO / accessibility issues — please open a normal issue
- Vulnerabilities in
scheduling-bridgeitself — see upstream link above - DDoS / availability — site is on GitHub Pages with no privileged routes; standard Pages SLO applies
- Bug bounties (no programme yet)
- Public discussion of unfixed issues until a coordinated disclosure date is agreed