Skip to content

Security: tinyland-inc/scheduling-bridge.tinyland.dev

Security

SECURITY.md

Security policy

This repository is the source for the static marketing/devtool site at https://scheduling-bridge.tinyland.dev. The site itself is purely static — no server runtime, no user accounts, no inbound data, no analytics.

Reporting a vulnerability

Until a public security email is published, please report security issues against this site via a private GitHub security advisory on this repository:

https://github.com/tinyland-inc/scheduling-bridge.tinyland.dev/security/advisories/new

For vulnerabilities in the scheduling-bridge engine itself (the upstream project that this site is about), report against the canonical source repo instead:

https://github.com/Jesssullivan/scheduling-bridge/security/advisories/new

Scope

In scope for this repository:

  • Build / CI supply-chain issues
  • Static site content that misrepresents the security posture of scheduling-bridge
  • Secrets accidentally committed to history
  • Third-party dep vulnerabilities affecting the build pipeline

Out of scope:

  • Cosmetic / SEO / accessibility issues — please open a normal issue
  • Vulnerabilities in scheduling-bridge itself — see upstream link above
  • DDoS / availability — site is on GitHub Pages with no privileged routes; standard Pages SLO applies

What we won't do

  • Bug bounties (no programme yet)
  • Public discussion of unfixed issues until a coordinated disclosure date is agreed

There aren't any published security advisories