If you discover a security vulnerability in this project, please report it responsibly.
Do not open a public issue. Instead, email the maintainers or use GitHub's private vulnerability reporting.
We will acknowledge your report within 48 hours and aim to provide a fix within 7 days for critical issues.
This policy applies to all packages:
@ssomatic/core@ssomatic/cli@ssomatic/web
- Never commit AWS credentials, tokens, or secrets
- Use AWS SSO for authentication (which is what SSOmatic facilitates)
- Keep dependencies up to date