| title | Security Policy | |
|---|---|---|
| artifact_type | policy | |
| status | public | |
| visibility | public | |
| classification | public | |
| owner | repository-maintainer | |
| review_cadence | semi-annual | |
| applies_to | this repository | |
| source_basis | GitHub Docs | |
| source_manifests | | |
| alignment_mode | direct-adaptation | |
| updated | 2026-03-27 | |

Do not report unpatched or sensitive vulnerabilities through public issues.
- Report vulnerabilities privately through GitHub Security Advisories before any public disclosure.
- Use a public issue only for already-public follow-up, non-sensitive remediation tracking, or governance changes that are safe to discuss openly.
- Include enough technical detail for triage, but avoid publishing secrets, exploit steps, or undisclosed weaknesses.

This policy covers the repository instance, its GitHub-native automation surfaces, and the reusable artifacts published here.

- Source manifests: governance__github_docs.md
- Primary source basis: GitHub Docs
- Alignment mode: direct-adaptation
- Reviewed on: 2026-03-27