ShipPilot is pre-1.0 software. Security fixes are provided for the latest published version.
| Version | Supported |
|---|---|
| 0.1.x | Yes |
| < 0.1 | No |
Please report suspected vulnerabilities privately through GitHub Security Advisories for this repository.
Do not open a public issue for secrets exposure, authentication bypasses, unsafe CI behavior, or vulnerabilities that could compromise a user's project, simulator, reports, or credentials.
When reporting, include:
- The affected ShipPilot version.
- Reproduction steps or a minimal configuration.
- The expected and actual security impact.
- Whether any secrets, tokens, logs, screenshots, or reports were exposed.
ShipPilot is intentionally test-and-report only. Security-sensitive changes should preserve that boundary unless a separate mode is explicitly designed and documented.