If you discover a security vulnerability, please report it through GitHub's private vulnerability reporting:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Provide a detailed description
Please do not report security vulnerabilities through public issues or pull requests.
Include:
- Type of issue
- Steps to reproduce
- Impact assessment
| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |
This action is a wrapper around the Blobber CLI. Security issues may fall into different categories:
- Action-specific issues (input handling, credential exposure in logs, etc.) - Report here
- Blobber CLI issues (registry interaction, file handling, etc.) - Report to meigma/blobber
- Initial Response: Within 3 business days
- Status Update: Within 10 business days
- Resolution: Critical issues within 30 days