Skip to content

Security: RunTimeAdmin/sbomix

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Please report security vulnerabilities privately, not through public issues.

Include the affected version, a description, and reproduction steps. We aim to acknowledge reports within 3 business days and will coordinate a disclosure timeline with you after triage. Please give us a reasonable window to ship a fix before disclosing publicly.

Supported versions

Security fixes are provided for the latest published release of the sbomix npm package and the RunTimeAdmin/sbomix@v1 GitHub Action.

Scope

This policy covers the SBOMix CLI, the GitHub Action, and the hosted API at api.sbomix.com.

There aren't any published security advisories