Security: ncxton/potaco

SECURITY.md

Security Policy

Supported Versions

Potaco is in early development. Security fixes are applied to the latest release on main only.

Reporting a Vulnerability

If you discover a security vulnerability in Potaco, please report it responsibly:

  1. Do not open a public GitHub issue.
  2. Email the maintainer at the address listed on the GitHub profile.
  3. Include a description of the vulnerability, steps to reproduce, and the potential impact.

You will receive a response within 72 hours. If the vulnerability is confirmed, a fix will be prepared and a security advisory published via GitHub Security Advisories.

Scope

Vulnerabilities in the Potaco CLI itself, its configuration handling, and its interaction with provider APIs are in scope. Vulnerabilities in third-party dependencies should be reported to the upstream maintainers.

Disclosure

We follow responsible disclosure. We ask that you give us reasonable time to fix the issue before any public disclosure.

There aren't any published security advisories