Do NOT open a public issue for security vulnerabilities.
Please report security vulnerabilities by emailing security@codercops.com. Include:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fix (optional)
Response timeline:
- Acknowledgment: Within 48 hours of your report
- Initial response: Within 5 business days with an assessment and planned fix timeline
- Resolution: Security patches are prioritized and released as soon as possible
The following are in scope for security reports:
- The OGCOPS web application at og.codercops.com
- The `/api/og`, `/api/preview`, and `/api/templates` API endpoints
- This GitHub repository (source code, CI/CD, dependencies)
The following are out of scope:
- Denial of service attacks
- Social engineering
- Issues in third-party dependencies (report these upstream)
| Version | Supported |
|---|---|
| Latest (production branch) | Yes |
| Older releases | No |
We appreciate responsible disclosure. Contributors who report valid vulnerabilities will be credited in the changelog (unless they prefer to remain anonymous).