Skip to content

Security: org-event/OpenPolySphere

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
main branch Yes
Latest release Yes
Other branches / older releases Best effort

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Use GitHub private vulnerability reporting (preferred):

https://github.com/org-event/OpenPolySphere/security/advisories/new

Maintainers can also publish coordinated disclosures via Security Advisories.

We aim to acknowledge valid reports within 7 days and share a remediation timeline once confirmed.

Automated Security

This repository is monitored with:

  • Dependabot (dependency CVE alerts and update PRs)
  • CodeQL static analysis (Rust, JavaScript, GitHub Actions workflows)
  • cargo audit / bun audit in CI
  • Dependency review on pull requests
  • Secret scanning and push protection (GitHub)

There aren't any published security advisories