Skip to content

Security: mizcausevic-dev/access-certification-api-dotnet

Security

SECURITY.md

Security

Support posture

This repository is a public proof surface and does not accept live tenant, user, or privileged production data.

Scope

  • synthetic access-certification and entitlement evidence only
  • read-only public demonstration routes
  • no production credentials, API keys, or tenant secrets in the repository

Disclosure notes

  • do not describe this repo as SOC 2 compliant, ISO 27001 certified, FedRAMP authorized, or otherwise audited
  • use language such as evidence posture, readiness, routing, review surface, and attestation
  • any real deployment handling customer identity data would require separate security, legal, and privacy review

Reporting

If you identify a security issue in the public code, open a private disclosure through GitHub security advisories or contact the maintainer directly before public disclosure.

There aren't any published security advisories