Skip to content

Security: WJH-makers/.github

Security

SECURITY.md

Security Policy

Supported scope

Public repositories under this account are maintained on a best-effort basis. Security fixes are prioritized for active projects and reusable templates.

Reporting a vulnerability

Please do not open a public issue for vulnerabilities, leaked credentials, database URIs, private keys, or exploitable bugs.

Preferred reporting path:

  1. Use GitHub private vulnerability reporting on the affected repository if it is enabled.
  2. If private reporting is not available, contact the maintainer through a private channel listed on the profile.

Include affected repository/commit, vulnerability type, impact, reproduction steps, and whether credentials or private data may be exposed.

Secret handling

If you accidentally expose a secret:

  1. Revoke or rotate the secret immediately.
  2. Remove it from code and configuration.
  3. Treat git history as compromised unless the secret was never pushed.
  4. Prefer environment variables or GitHub Actions secrets for future use.

No bounty program is promised unless a repository explicitly says otherwise.

There aren't any published security advisories