This is the default security policy for all muntianus / PerfOpsLab
repositories that do not define their own SECURITY.md.
Please do not open a public issue for security problems.
- Use GitHub Private Vulnerability Reporting ("Report a vulnerability" on the repository's Security tab), or
- email the maintainer at the address on the org profile.
Include: affected repo, version/commit, reproduction steps, and impact. We aim to acknowledge within 3 business days and to provide a remediation timeline after triage.
Unless a repository states otherwise, only the latest commit on the default branch is supported.
- Never commit secrets. Use environment variables, GitHub Actions secrets, or the deployment secret store.
- All repositories run a gitleaks/security-gatecheck in CI; do not bypass it. If a secret is committed, rotate it immediately and purge history.
- Report suspected leaked credentials through the private channel above.
Applies to source code, CI/CD workflows, infrastructure-as-code, and deployment configuration in this organization's repositories.