Skip to content

Security: warpdotdev/fraud-detection-agent-oss

SECURITY.md

Security Policy

Reporting a Vulnerability

Please do not open public GitHub issues for security vulnerabilities.

If you discover a security issue in this project, report it privately so it can be addressed before public disclosure.

  • Preferred: GitHub Security Advisories — open a private report via this repository's Security → Report a vulnerability tab (works for any fork; no email setup needed).
  • Optional email contact — maintainers of a fork may add their own security email here (e.g. security@your-domain.example). Omit it to rely solely on GitHub Security Advisories.

Please include:

  • A description of the issue and its potential impact
  • Steps to reproduce (proof-of-concept if available)
  • Any relevant logs, configuration, or environment details (with secrets redacted)

We will acknowledge your report, investigate, and keep you informed of the resolution. We appreciate responsible disclosure and will credit reporters who wish to be acknowledged.

Scope and Handling Notes

  • This repository is a fraud-detection automation toolkit intended to be run against your own data sources. It ships no credentials; all secrets are supplied at runtime via environment variables.
  • Never commit real user data, credentials, or internal infrastructure identifiers. Use placeholders (e.g. user@example.com, YOUR_GCP_PROJECT).
  • Report any accidental exposure of secrets or personal data to the security contact above so credentials can be rotated and data handled appropriately.

There aren't any published security advisories