Neural Garage takes security seriously. We support the following versions:

| Tool | Version | Supported |
|---|---|---|
| bury | 0.1.x | ✅ |

If you discover a security vulnerability within any Neural Garage tools, please follow these steps:
- DO NOT open a public issue
- Email security details to the maintainers (use GitHub Security Advisories)
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Fix Timeline: Depends on severity
  - Critical: Within 7 days
  - High: Within 30 days
  - Medium/Low: Next release cycle
- We will work with you to understand and address the issue
- We will credit you in the security advisory (unless you prefer to remain anonymous)
- We will coordinate public disclosure timing with you
- Security fixes will be released as soon as possible

When using Neural Garage tools:
- Always use the latest version
- Review generated reports before acting on them
- Be cautious with automated fixes (coming in future versions)
- Follow the principle of least privilege in CI/CD integrations

Currently, we do not have a bug bounty program, but we greatly appreciate responsible disclosure and will publicly acknowledge contributors.

For security-related concerns, please use GitHub's Security Advisory feature or contact the maintainers through GitHub.