Skip to content

Security: blanzy-labs/.github

Security

SECURITY.md

Security Policy

Supported usage

Blanzy Labs repositories are local-first demonstration and developer tools unless a repository states otherwise.

Reporting vulnerabilities

If you believe you have found a vulnerability, please open a private security advisory on GitHub if available, or contact the maintainer through an appropriate non-public channel if one is provided.

Do not disclose vulnerabilities publicly before maintainers have had reasonable time to review and respond.

Do not submit real secrets, tokens, personal data, proprietary data, or client data in public issues, pull requests, discussions, or logs.

Secret exposure

If you accidentally commit a secret, revoke or rotate it immediately before opening an issue or notifying maintainers. Removing the value from a later commit does not make the exposed secret safe.

Scope

App-specific security details live in each repository's docs/security-and-privacy.md file or equivalent documentation.

Out of scope:

  • Social engineering.
  • Spam.
  • Denial-of-service testing.
  • Destructive testing.
  • Attacks on third-party model providers.
  • Attempts to access data that is not yours.

Disclaimer

Local-first apps are not hardened for public internet exposure unless explicitly stated.

There aren't any published security advisories