We take security seriously. If you discover a security vulnerability, please report it responsibly.
Please do NOT open public issues for security vulnerabilities.
Report through one of these private channels:
- Email: Send details to the repository maintainer
- GitHub Security Advisory: Use GitHub's private vulnerability reporting

Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Expected response times:
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 7 days
- Resolution: Depends on severity and complexity
| Version | Supported |
|---|---|
| main | ✅ |
| < 1.0 | ❌ |
This project has minimal attack surface:
- No External Dependencies: Uses only Python standard library
- No User Input Processing: Read-only data aggregation
- No Database: Static file generation only
- No Authentication: Public data only
- Minimal Permissions: GitHub Actions uses only `contents: write`
When contributing, please ensure:
- No secrets or credentials in code
- No hardcoded sensitive URLs
- Validate all external data sources
- Use HTTPS for all external requests