SECURITY.md

if you find a security issue in sif, emailceleste@linux.com directly.don't open a public issue.

expect a response within 48 hours. if it's confirmed, i'll push a fixand credit you in the release notes (unless you'd rather stay anonymous).

sif is a pentesting tool — "it can scan things" is not a vulnerability.actual bugs: command injection in user input handling, path traversal intemplate extraction, credential leaks, that kind of thing.

There aren’t any published security advisories