If you discover a security vulnerability in any Gilamonster Foundation repository, please report it responsibly.
Do NOT open a public issue. Instead:
- Email shawn.hartsock@gmail.com with:
  - A description of the vulnerability
  - Steps to reproduce
  - Potential impact
- You will receive an acknowledgment within 48 hours.
- We will work with you to understand and address the issue before any public disclosure.
This policy applies to all repositories under the Gilamonster-Foundation GitHub organization.
All repositories in this org enforce:
- GitHub secret scanning with push protection
- Dependabot alerts and security updates
- CI safety gates that scan for leaked secrets and forbidden patterns
- Branch protection on `main` requiring PR reviews and passing checks