This document describes the security procedures and general policies for the GrimoireLab project.

The GrimoireLab maintainers take all security issues in the project seriously. Thank you for improving the security of our project. We appreciate your efforts to responsible disclose your findings, and will make every effort to acknowledge your contributions.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, use the GitHub Security Advisory Report a Vulnerability tab.

Here are some helpful details to include in your report:

• A detailed description of the vulnerability.
• The steps required to reproduce the vulnerability.
• Any suggested fixes or mitigations.

To learn more about how to submit a vulnerability report, please check the GitHub's documentation on private reporting.

The GrimoireLab team will respond to your report indicating the next steps. We will keep you informed of the progress addressing the vulnerability, and may ask for additional information or guidance.