| Version | Supported |
|---|---|
| v1.x | Yes |
If you discover a security vulnerability in this action, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email: dikshant-devops (via GitHub private vulnerability reporting)
Or use GitHub's built-in private vulnerability reporting:
- Go to the Security tab
- Click Report a vulnerability
- Fill in the details
- Acknowledgement within 48 hours.
- A fix or mitigation plan within 7 days for critical issues.
- Credit in the release notes (unless you prefer to remain anonymous).
This policy covers:
- The GitHub Action code in this repository (
src/,action.yml,Dockerfile). - The Docker image built and published from this repository.
- GitHub Actions workflow files in
.github/workflows/.
Out of scope:
- Vulnerabilities in upstream dependencies (PyGithub, Python, git) -- please report those to the respective projects.