
Security: user4302/Lab2Hub


SECURITY.md

Lab2Hub Security Policy

Supported Versions

Version   Supported
1.0.x     Yes

Reporting a Vulnerability

For security-related issues, please follow these guidelines:

How to Report

Do not open public issues for security vulnerabilities.

Instead, report security issues privately:

  1. Open a new issue on GitLab at https://gitlab.com/user4302_Projects/coding/python/lab2hub/-/issues and mark it confidential (the "This issue is confidential" checkbox) so that only project members can read it
  2. Add the "Security" label to the issue
  3. Provide detailed information about the vulnerability (see "What to Include" below)
  4. Wait for confirmation from the maintainer before disclosing anything publicly

What to Include

Please include the following in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any proof-of-concept code or screenshots
  • Environment details (version, OS, etc.)

Response Timeline

  • Initial response: Within 48 hours
  • Detailed assessment: Within 7 days
  • Patch release: As soon as feasible, based on severity

Security Best Practices

Token Security

  • Never commit tokens to version control (add .env to .gitignore before creating it)
  • Use environment variables for sensitive data
  • Rotate tokens regularly, and immediately if one may have been exposed
  • Use the minimal scopes the tool actually needs for each token

Recommended Token Scopes

  • GitLab token: the api scope grants full read/write access to the API. Grant it only if the tool needs to write to GitLab; for read-only use, read_api (or read_repository for clone-only access) is sufficient.
  • GitHub token: the classic repo scope grants full read/write access to every repository the account can reach. Grant it only if the tool needs to write to GitHub; otherwise prefer a fine-grained personal access token limited to the target repositories and to the permissions the tool uses.

Environment Variables

Store sensitive data in environment variables:

# .env file (never commit)
GITLAB_TOKEN=your_token_here
GITHUB_TOKEN=your_token_here
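As an added example (not Lab2Hub's own code), the following Python reads the two tokens from the process environment or from an uncommitted .env file like the one above, refuses to continue on a missing or malformed token, keeps the token value out of repr() and log output, and offers a redact() helper you can run over log lines or files before they are committed. The prefix checks are an assumption about the current public token formats (glpat- for GitLab personal access tokens, ghp_ and github_pat_ for GitHub); GitLab tokens created before the prefix was introduced have no prefix and would be rejected, so relax the pattern if you rely on such a token. The sample .env contents are constructed for the example.

```python
"""Environment-based token loading with validation and log redaction.
Added example for the Lab2Hub security policy; not part of the project."""
import os
import re
from dataclasses import dataclass
from typing import Mapping, Optional

# Assumed public token formats (verify against your provider's docs).
_TOKEN_SHAPES = {
    "GITLAB_TOKEN": r"glpat-[A-Za-z0-9_\-]{20,}",
    "GITHUB_TOKEN": r"(?:ghp_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})",
}
TOKEN_PATTERNS = {name: re.compile(shape) for name, shape in _TOKEN_SHAPES.items()}
# Anything token-shaped, anywhere in a string: used to scrub logs and files.
LEAK_RE = re.compile("|".join(_TOKEN_SHAPES.values()))


class TokenError(RuntimeError):
    """Raised when a required token is missing or does not look valid."""


@dataclass(frozen=True)
class Token:
    name: str
    value: str

    def __repr__(self) -> str:
        # Only a 4-char prefix is ever shown, so accidental logging is harmless.
        return f"Token({self.name}, {self.value[:4]}...[REDACTED])"

    __str__ = __repr__


def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser for a .env file (comments, blanks, quotes, 'export')."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key.strip()] = value
    return env


def load_token(name: str, env: Optional[Mapping[str, str]] = None) -> Token:
    """Fail closed: a missing or malformed token aborts before any API call."""
    env = os.environ if env is None else env
    raw = env.get(name, "").strip()
    if not raw:
        raise TokenError(f"{name} is not set; export it or put it in an uncommitted .env file")
    if not TOKEN_PATTERNS[name].fullmatch(raw):
        raise TokenError(f"{name} does not look like a valid token "
                         "(check for stray quotes, whitespace or a truncated paste)")
    return Token(name, raw)


def redact(text: str) -> str:
    """Replace anything token-shaped with a short prefix and a marker."""
    return LEAK_RE.sub(lambda m: m.group(0)[:4] + "...[REDACTED]", text)


# Constructed sample .env for the example; the values are not real tokens.
SAMPLE_DOTENV = """# .env file (never commit)
GITLAB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx
GITHUB_TOKEN="ghp_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"""


def load_all(dotenv_text: str = SAMPLE_DOTENV) -> dict:
    """Real environment variables take precedence over the .env file."""
    env = {**parse_dotenv(dotenv_text), **os.environ}
    return {name: load_token(name, env) for name in TOKEN_PATTERNS}


if __name__ == "__main__":
    tokens = load_all()
    print(tokens)  # reprs are redacted, so this is safe to log
    print(redact("Authorization: Bearer glpat-xxxxxxxxxxxxxxxxxxxx"))
```

Run redact() over anything that might end up in a shared place (CI logs, bug reports, screenshots pasted into an issue) and keep .env listed in .gitignore; the parser above exists only so the example runs without the python-dotenv package, which does the same job in real projects.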

Security Features

This tool includes several security features:

  • Token validation before use
  • Read-only mode for safe operations
  • No credential storage in configuration files
  • Environment-based configuration

Security Updates

  • Monitor for security advisories
  • Update dependencies regularly
  • Review token permissions periodically
  • Audit access logs if available

Security Questions

For security-related questions:

  • Open a confidential issue on GitLab (same tracker as for vulnerability reports)
  • Add the "Security" label so it receives confidential handling
  • Do not discuss security issues in public forums

Responsible Disclosure

We follow responsible disclosure principles:

  • Private reporting for vulnerabilities
  • Coordinated disclosure timeline
  • Credit for security researchers
  • Patch before disclosure when possible

Thank you for helping keep this project secure!
