Security: antonbabenko/pre-commit-terraform

.github/SECURITY.md

Reporting a Vulnerability

If you believe you have discovered a potential security vulnerability in this project, please report it securely. Do not create a public GitHub issue for any security concerns.

How to Report

Send an email with a detailed description of the vulnerability, including any evidence of the disclosure, the impact, and any timelines related to the issue to: [email protected]

Vulnerability Disclosure Process

  • Confidential Disclosure: All vulnerability reports will be kept confidential until a fix is developed and verified.
  • Assessment and Response: We aim to acknowledge any valid report within 15 business days.
  • Timelines: After verification, we plan to have a coordinated disclosure within 60 days, though this may vary depending on the complexity of the fix.
  • Communication: We will work directly with the vulnerability reporter to clarify details, answer questions, and discuss potential mitigations.
  • Updates: We may provide periodic updates on the progress of the remediation of the reported vulnerability.

Guidelines

  • Vulnerability Definition: A vulnerability is any flaw or weakness in this project that can be exploited to compromise system security.
  • Disclosure Expectations: When you report a vulnerability, please include as much detail as possible to allow us to assess its validity and scope without exposing sensitive information publicly.

By following this process, you help us improve the security of our project while protecting users and maintainers. We appreciate your efforts to responsibly disclose vulnerabilities.

There aren’t any published security advisories