Automated Vulnerability Detection & Responsible Disclosure
SecurityReportBot is an autonomous security assistant that:
- Scans GitHub repositories for vulnerabilities using SAST (Static Application Security Testing)
- Generates human-readable security reports with PoC (Proof of Concept) examples
- Submits responsible disclosures through standardized vulnerability reporting channels
- Strict adherence to responsible disclosure protocols
- Read-only access by default (opt-in write for auto-patches)
- Fully compliant with GitHub's Automation Guidelines
- Built with dual focus on developer experience and security rigor
We only report to repositories that have enabled GitHub security reports and have more than 1000 stars.
(If you want your repository to be included in our scan scope, please enable GitHub security reports and send your repository address to our email.)
Each new type of vulnerability the detector flags is manually verified in detail before that detection is deployed to the production environment. Because false positives cannot be fully eliminated from automated detection, you can simply close a report if you believe it does not describe a real security issue.
All dissenting responses are additionally reviewed by a human.
Email: secuityreportbot@gmail.com