Skip to content

Security: dotanuki-labs/norris

Security

SECURITY.md

Security Policies

Best practices

Dotanuki actively cares about Open Source Security and Quality.

  • Almost all of our projects keep dependencies up-to-date with Renovate Bot, merging PRs automatically with Mergify
  • We track dependency graphs and/or SBOM files as part of CI executions
  • We release manually and careful review what's being shipped every release
  • We invest into Open Source Best Practices
  • We invest into Security Scorecards

Reporting a Vulnerability

Warning

DO NOT raise GitHub issues to report a security vulnerabilities.

Please report potential security issues affecting any of our projects to dotanuki.labs@proton.me, preferably with a proof of concept.

You will receive a response from us within 24 hours. If the issue is confirmed, we will release a patch as soon as possible.

Non-vulnerability-related security issues such as new ideas for security features are welcome on GitHub Issues.

There aren’t any published security advisories