Security: jpdborgna/gibatron

SECURITY.md

Security Policy

Scope

GiBaTron is kernel build tooling made up of the following components:

  • Scanner: runs as root on target machines, collects hardware data
  • Builder: executes make, applies patches, runs subprocess commands
  • Orchestrator: invokes fetch_command from project manifests

In-scope security issues include: command injection in subprocess calls, path traversal, credential exposure in scan reports, and unauthorized code execution via malicious patches or manifests.

Scanner bugs are treated as elevated priority, because the scanner runs with root privileges on production machines.

Reporting a Vulnerability

Do not open a public issue.

Email: jpdborgna@gmail.com

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Affected component (scanner, builder, configurator, orchestrator, tester)
  • Severity assessment (your best guess is fine)

Response Timeline

  • Acknowledge: within 1 week
  • Assess: severity classification within 15 business days
  • Patch: critical issues within 21 days, others within 90 days
  • Disclose: coordinated disclosure after patch is available

Supported Versions

  Version   Supported
  0.1.x     Yes