Security: leonardosalasd/code-review-bot

SECURITY.md

Security Policy

Reporting a Vulnerability

If you find a security vulnerability in this project, please do not open a public issue.

Preferred: GitHub Private Reporting

Use the "Report a vulnerability" button under the Security tab of this repository. This creates a private advisory where we can discuss the issue and work on a fix without exposing details publicly.

Alternative: Email

If you can't use the GitHub reporting tool, send an email to leonardo.salas01@outlook.com with:

  • A description of the vulnerability
  • Steps to reproduce it
  • The impact as you understand it

What to Expect

  • We'll acknowledge your report within 3 business days.
  • We'll keep you updated on the fix timeline.
  • We'll credit you in the release notes (unless you prefer to stay anonymous).

We ask that you give us a reasonable window to address the issue before any public disclosure. We appreciate your help in keeping this project secure.

There aren't any published security advisories