Skip to content

Security: getprovenant/provenant-action

Security

SECURITY.md

Security Policy

This repository is the GitHub Action wrapper for Provenant. Most security-relevant behavior lives in the scanner itself; please report issues through the main project's policy.

Reporting a Vulnerability

Do not disclose suspected security issues in public issues, discussions, or pull requests first.

  • Prefer GitHub's private vulnerability reporting flow on this repository, or report through the main project's policy: https://github.com/getprovenant/provenant/security/policy.
  • If a private reporting path is not available, open a minimal public issue requesting a secure contact channel, without exploit details or proof-of-concept code.

Please allow a reasonable window for a fix before any public disclosure.

There aren't any published security advisories