We take security vulnerabilities seriously. If you discover a security issue in SmokedMeat, please report it privately using GitHub's Security Advisory feature:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the private security advisory form
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- We will acknowledge receipt within 48 hours
- We will provide an initial assessment within 7 days
- We will work with you to understand and resolve the issue
This security policy applies to the SmokedMeat framework itself. For vulnerabilities in CI/CD pipelines discovered using SmokedMeat, please report those to the respective platform or organization owners.