[I-01] No security-txt / vulnerability-disclosure policy published #360

@simonjcarr

Severity: Info / Hardening
Finding ID: I-01
Source: SECURITY.md

Description:
No security-txt / vulnerability-disclosure policy published.

Fix direction:
Publish /.well-known/security.txt with contact, encryption, policy URL. Add a SECURITY_DISCLOSURE.md at the repo root.


This issue tracks a finding from the pre-pentest internal code audit.
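
A check that could run in CI against the published file, as an added example that is not part of the original issue or the project's code. It tests for the three fields the fix direction names plus `Expires`, which RFC 9116 requires alongside `Contact`; the `example.com` addresses and function names are assumptions.

```python
from datetime import datetime, timezone

# Fields named in the issue's fix direction, plus Expires, which RFC 9116
# requires (an addition here, not something the issue lists).
WANTED = ("contact", "expires", "encryption", "policy")
URI_FIELDS = ("contact", "encryption", "policy")

# Constructed sample of /.well-known/security.txt; example.com is a placeholder.
SAMPLE = """\
Contact: mailto:security@example.com
Expires: 2099-01-01T00:00:00Z
Encryption: https://example.com/pgp-key.txt
Policy: https://example.com/SECURITY_DISCLOSURE.md
"""

def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping comments and blanks."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and ":" in line:
            name, value = line.split(":", 1)
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check_security_txt(text, now=None):
    """Return a list of problems; an empty list means the file passes."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = [f"missing field: {n}" for n in WANTED if n not in fields]
    for name in URI_FIELDS:
        for value in fields.get(name, []):
            if value.lower().startswith("http://"):
                problems.append(f"{name} uses plain http: {value}")
            elif ":" not in value:  # e.g. a bare e-mail without mailto:
                problems.append(f"{name} is not a URI: {value}")
    expires = fields.get("expires", [])
    if len(expires) > 1:
        problems.append("expires appears more than once")
    for value in expires[:1]:
        try:
            when = datetime.fromisoformat(value.replace("Z", "+00:00"))
            stale = when <= now  # TypeError if the value has no UTC offset
        except (ValueError, TypeError):
            problems.append(f"expires is not an RFC 3339 date-time: {value}")
        else:
            if stale:
                problems.append(f"expires is in the past: {value}")
    return problems
```

An expired or missing `Expires` value is worth failing the build on, since a stale file can send reporters to a contact that no longer works.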


Labels:
- area:ci (CI / tooling / scanning)
- security (Security finding from pre-pentest audit)
- sev:info (Severity: Informational / Hardening)
