Security Policy

• Please report security issues privately to security@shiplog.local.
• Do not open public issues for vulnerabilities.
• We aim to triage within 72 hours and provide a fix or guidance swiftly.

Hardening notes:

• Server-side hooks are only enforceable on self-hosted Git. For GitHub/GitLab SaaS, use branch namespace + protected rulesets and required checks. See docs/hosting/matrix.md and docs/hosting/github.md.