Security

SECURITY.md

Security Policy

Supported Scope

Security reports are welcome for:

the FastAPI service
GitHub webhook handling
worker execution and git operations
authentication and token handling
Docker packaging in this repository

Reporting a Vulnerability

Please do not open a public issue for undisclosed vulnerabilities.

Report security issues through one of these channels:

GitHub Security Advisories for this repository
a private maintainer contact if one is available to you

When reporting, include:

impact summary
affected files or endpoints
reproduction steps or proof of concept
suggested mitigations if known

Response Expectations

The project aims to:

acknowledge reports promptly
validate the issue before discussing public disclosure
coordinate a fix and release path before broad publication when appropriate

There aren't any published security advisories