Security: zanesense/reposec

Security Policy

Supported Versions

RepoSec is pre-1.0 software. Security fixes are provided for the latest release on the main branch.

Version    Supported
main       Yes
< 0.1.0    No

Reporting a Vulnerability

Please report suspected vulnerabilities through GitHub Security Advisories:

https://github.com/zanesense/reposec/security/advisories/new

If GitHub Security Advisories are unavailable, email security@zanesense.dev with a clear description, affected component, reproduction steps, and any relevant proof of concept.

Do not open a public issue for vulnerabilities that could put users or repositories at risk.

Response Timeline

  • Initial acknowledgement: within 2 business days.
  • Triage and severity assessment: within 5 business days.
  • Remediation target for confirmed high or critical issues: within 14 calendar days.
  • Remediation target for confirmed medium or low issues: within 30 calendar days.

We will keep reporters updated if investigation or remediation needs more time.
