code-reviewer-ci / SECURITY.md

Security Policy

Supported Versions

The following versions of this project currently receive security updates:

Version | Supported
------- | ------------------
1.0.x   | :white_check_mark:
< 1.0   | :x:

Reporting a Vulnerability

We take the security of our software seriously. If you believe you have found a security vulnerability in the Code Reviewer CI Agent, please report it to us as described below.

DO NOT report security vulnerabilities through public issues.

Reporting Process

  1. Private Reporting: Please report the vulnerability privately via GitHub Security Advisories or by emailing [INSERT EMAIL ADDRESS].
  2. Details: Please include as much information as possible, including:
    • Type of vulnerability (e.g., XSS, SQL Injection, RCE)
    • Full path or URL where the vulnerability occurs
    • Proof of Concept (PoC) code or steps to reproduce
    • Any relevant logs or screenshots
  3. Response: We will acknowledge your report within 48 hours and provide an estimated timeline for triage and resolution.

Disclosure Policy

  • We ask that you do not disclose the vulnerability to the public until we have had a chance to fix it.
  • We will work to fix the vulnerability as quickly as possible.
  • Once fixed, we will publish a security advisory and credit you for the discovery (unless you prefer to remain anonymous).

Out of Scope

The following are generally considered out of scope:

  • Attacks requiring physical access to the user's device
  • Social engineering attacks
  • Denial of Service (DoS) attacks requiring massive resources

Thank you for helping keep our community safe!