Please do not report security vulnerabilities through public GitHub issues.
Instead, open a private security advisory on this repository. Include enough detail to reproduce the issue:
- Affected version (tag or commit SHA)
- Step-by-step reproduction
- Impact assessment and any proof-of-concept
You should expect an acknowledgement within a few days.
This repository ships the GitHub Action that downloads and caches the getsops/sops binary. Vulnerabilities in sops itself should be reported upstream at https://github.com/getsops/sops/security.