This project is currently maintained on the main branch. Security fixes (if any) are provided on the latest version available on main.
If you discover a security issue, please do not open a public GitHub issue.
Instead, report it privately:
- Send a private message to the maintainer via GitHub (preferred), or
- Send an email to the maintainer (if provided on the profile).
Please include:
- A clear description of the issue and potential impact
- Steps to reproduce (proof-of-concept if possible)
- Affected component(s) (file/module, command, environment)
- Any relevant logs/screenshots (sanitize secrets)
Expected response times:
- Initial response: within 7 days
- Fix/mitigation plan: within 14 days (depending on severity and complexity)
We follow responsible disclosure. If the issue is confirmed, we will coordinate a fix and, when appropriate, a public advisory or release notes.
AWS Security Scout is designed to be read-only. Reports should not include secrets. Please sanitize any AWS credentials or sensitive identifiers before sharing logs or reports.