
Security: gleanwork/sl-glean-sites


SECURITY.md

Security Policy

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have found a vulnerability in this example, contact Glean Support at support@glean.com and include:

  • A description of the issue
  • Steps to reproduce
  • Any affected deployment configuration
  • Whether any credentials, customer data, or Glean data may have been exposed

Secret Handling

This repository must remain public-safe.

Do not commit:

  • Glean API keys, OAuth tokens, or refresh tokens
  • OAuth client secrets
  • AWS access keys or session tokens
  • Customer-specific Glean instance names, Agent IDs, backend URLs, or app domains
  • Customer data, identity maps, saved Site output, or admin email lists

For deployment-specific values, use environment variables kept outside source control, AWS Secrets Manager, deployment-time configuration, or the customer's own secret-management process.

Deployment Security

Glean Sites is a customer-deployable example. Review the generated AWS resources, OAuth configuration, admin allowlist, CORS settings, and WAF rules against your organization's requirements before production use.

For dependency updates, use the repository's CI checks and Dependabot alerts where available.

There aren't any published security advisories