
Security: sourcery-ai/copybara-action


docs/SECURITY.md

Security Policy

Although we do our best to keep Copybara Action secure, vulnerabilities can happen. If you think you have found a vulnerability, we appreciate your efforts to responsibly disclose your findings.

Reporting a Vulnerability

Report security bugs by emailing us at [email protected]. Report all other bugs on our GitHub issues page.

If you are not sure, don’t worry. Better safe than sorry – just get in touch. Do not open issues related to any security concerns publicly.

When reporting an issue, include as much information as possible, but there is no need to fill in fancy forms or answer tedious questions. Just tell us what you found, how to reproduce it, and any concerns you have about it. We will respond as soon as possible and follow up with any missing information.

We will acknowledge your email and send a more detailed response shortly afterwards, indicating the next steps in handling your report. After the initial reply to your report, we will endeavor to keep you informed of the progress towards a fix, and may ask for additional information or guidance.

We take all security bugs seriously. Thank you for helping us improve the security of Copybara Action; we will make every effort to acknowledge your contributions.

Please report security bugs in third-party modules to the person or team maintaining the module.

Disclosure Policy

When we receive a security bug report, we will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  1. Confirm the problem and determine the affected releases.
  2. Audit code to find any potential similar problems.
  3. Prepare fixes for all affected releases still under maintenance.
  4. Review and release these fixes as fast as possible.

Comments on this Policy

If you have suggestions on how this process could be improved, please submit a pull request.

There aren’t any published security advisories