This project adheres to the security policies of its core maintainer, PostSharp Technologies. For more details, please visit PostSharp Security Policies.
We follow the Open Source Security Foundation (OpenSSF) best practices. For more details, refer to the self-assessment report.
We implement most recommendations from the OpenSSF Scorecard benchmark. See the detailed report for more information.
The following best practices are not implemented in this project:
Fuzzing (or fuzz testing) is a software testing technique that automatically feeds a program with random, malformed, or unexpected input data to identify crashes, hangs, or security vulnerabilities (e.g., buffer overflows, assertion failures).
This project does not handle or parse untrusted input from external sources. All data processed originates from trusted, internal, or authenticated systems. Therefore, fuzz testing, which is primarily aimed at finding crashes or unexpected behavior from malformed or adversarial input, is not applicable or necessary in this context.
We use the following code scanners on release and CI branches: