Skip to content

Security: DigitalWaters-fi/team_template

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Instead, report them privately:

  1. Go to Security → Advisories → Report a vulnerability on this repository, or
  2. Email the team lead directly at YOUR_EMAIL@YOUR_ORG

We will acknowledge your report within 48 hours and aim to resolve confirmed vulnerabilities within 14 days.


Scope

This policy covers code and configuration in this repository. Third-party dependencies are out of scope — report those to the relevant upstream project.


What to include in your report

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested fix (optional but appreciated)

There aren't any published security advisories