If you discover a security vulnerability in review-codecommit, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please use GitHub Security Advisories to report the vulnerability privately.

You should receive a response within 72 hours. If the vulnerability is confirmed, a fix will be released as soon as possible.

• review-codecommit uses the AWS SDK credential chain. No credentials are stored or transmitted by the application itself.
• All AWS API calls are made through the official @aws-sdk/client-codecommit SDK.
• Error messages are sanitized to prevent leaking AWS account IDs or resource ARNs.