If you discover a security vulnerability in repo-forensics, please report it responsibly.
Email: [email protected]
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.
This policy covers the repo-forensics scanner code, GitHub Action, and IOC database. It does not cover repositories that repo-forensics scans.
Only the latest release is supported with security updates.