Security fixes are applied only to the latest released version of CommitGuard.

| Version | Supported |
|---|---|
| latest | ✅ Yes |
| older | ❌ No |

Please upgrade to the latest version before reporting issues.
If you discover a security vulnerability, please report it privately.
Do NOT open a public issue.
Instead, use one of the following options:
- GitHub Security Advisories (preferred): https://github.com/SanyaKor/CommitGuard/security/advisories/new
- Or contact via email: allebedev.work@gmail.com
You can expect an initial response within 72 hours.
If the report is confirmed as a vulnerability, we will:
- acknowledge the issue
- work on a fix
- coordinate disclosure if needed
If the report is not accepted as a security issue, we will explain why.
This policy applies to:
- the CommitGuard CLI tool
- the GitHub Action
- LLM integration logic
- secret detection logic
It does not cover:
- vulnerabilities in third-party dependencies
- issues caused by misconfiguration of CI or GitHub permissions