Skip to content

Commit 0c85e7e

Browse files
committed
docs: update SECURITY docs
1 parent c903bcd commit 0c85e7e

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

SECURITY.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ After stable release, this policy will be updated with the supported major versi
1414

1515
Please do not open a public issue for a suspected vulnerability.
1616

17-
Use GitHub private vulnerability reporting for this repository. If private reporting is unavailable, open a minimal public issue asking maintainers to enable a private reporting channel, but do not include exploit details, secrets, private traffic data, or sensitive reproduction artifacts in that issue.
17+
Use GitHub [private vulnerability reporting](https://github.com/reponomics/reponomics-dashboard-action/security/advisories/new) for this repository. You will receive a response with 48 hours and we will determine the appropriate method and timeline for a resolution if a problem is identified.
1818

1919
Useful reports include:
2020

@@ -41,7 +41,7 @@ Out of scope:
4141
- denial-of-service reports without a plausible security impact;
4242
- reports that require access to a user's own GitHub token, repository settings, or dashboard secret without another vulnerability;
4343
- social engineering, phishing, or physical attacks;
44-
- vulnerability reports based only on unsupported or intentionally weakened configuration, such as opting into weak dashboard secrets.
44+
- vulnerability reports based only on unsupported or intentionally weakened configuration, such as opting into weak dashboard secrets ("casual" privacy mode).
4545

4646
## Public Pre-Release Expectations
4747

0 commit comments

Comments
 (0)