RepoSec is pre-1.0 software. Security fixes are provided for the latest release on the main branch.
| Version | Supported |
|---|---|
| main | Yes |
| < 0.1.0 | No |
Please report suspected vulnerabilities through GitHub Security Advisories:
https://github.com/zanesense/reposec/security/advisories/new
If GitHub Security Advisories are unavailable, email security@zanesense.dev with a clear description, affected component, reproduction steps, and any relevant proof of concept.
Do not open a public issue for vulnerabilities that could put users or repositories at risk.
- Initial acknowledgement: within 2 business days.
- Triage and severity assessment: within 5 business days.
- Remediation target for confirmed high or critical issues: within 14 calendar days.
- Remediation target for confirmed medium or low issues: within 30 calendar days.
We will keep reporters updated if investigation or remediation needs more time.