Skip to content

Security: Niki-1337/secure-build-maven-extension

Security

SECURITY.md

Security Policy

Reporting A Vulnerability

Please report security issues privately before opening a public issue.

Use GitHub private vulnerability reporting if it is enabled for the repository. If it is not enabled yet, contact the maintainer through the public profile and request a private disclosure channel.

Scope

In scope:

  • Hardcoded credential risks.
  • Unsafe handling of CI/CD secrets.
  • Build-time behavior that can leak tokens or private repository metadata.
  • Dependency or plugin configuration that introduces a security regression.

Out of scope:

  • Findings in third-party tools that this project only invokes.
  • Requests to scan private systems.
  • Reports without enough reproduction detail.

Maintainer Notes

  • Do not request secrets in issue threads.
  • Reproduce reports with throwaway tokens and example repositories.
  • Rotate any credential immediately if it was accidentally committed.

There aren't any published security advisories