Skip to content

Security: thuanvd378/ossmark

Security

SECURITY.md

Security

OSSMark is not a security scanner, but security reports about OSSMark itself are welcome.

Reporting

Please do not open a public issue for a suspected vulnerability. Contact the maintainer privately after the GitHub repository is created, then include:

  • A concise description.
  • Reproduction steps.
  • Impact assessment.
  • Suggested fix if known.

Scope

In scope:

  • Bugs that expose local file contents unexpectedly.
  • Report generation issues that leak secrets from audited repositories.
  • CLI behavior that executes untrusted project commands.

Out of scope:

  • Missing deep dependency vulnerability checks.
  • Findings from third-party scanners against example fixtures.

There aren't any published security advisories