Security

Report a vulnerability

SECURITY.md

Security Policy

Automated Scanning

This repository uses the following automated security tools on every commit:

Trivy — filesystem and container vulnerability scanning
GitHub Secret Scanning — detects accidentally committed credentials
Dependabot — monitors dependencies for known vulnerabilities
Push Protection — blocks commits containing secrets

Reporting a Vulnerability

Please do NOT open a public GitHub issue for security vulnerabilities.

Email hello@feesix.com with:

Description of the vulnerability
Steps to reproduce
Potential impact

We aim to respond within 48 hours.

Privacy

This software operates entirely on your infrastructure. Zero data is sent to external servers. See Privacy Policy.

There aren’t any published security advisories