mirror of
https://github.com/lunchcat/sif.git
synced 2026-03-12 21:23:04 -07:00
16 lines
509 B
Markdown
16 lines
509 B
Markdown
# security policy
|
|
|
|
## reporting a vulnerability
|
|
|
|
if you find a security issue in sif, email celeste@linux.com directly.
|
|
don't open a public issue.
|
|
|
|
expect a response within 48 hours. if it's confirmed, i'll push a fix
|
|
and credit you in the release notes (unless you'd rather stay anonymous).
|
|
|
|
## scope
|
|
|
|
sif is a pentesting tool — "it can scan things" is not a vulnerability.
|
|
actual bugs: command injection in user input handling, path traversal in
|
|
template extraction, credential leaks, that kind of thing.
|