Authoritative project documentation
Security Policy
Reporting a vulnerability
Please do not open a public GitHub issue for security vulnerabilities.
Instead, use GitHub's private vulnerability reporting for this repository:
- Go to the Security tab of this repository.
- Click Report a vulnerability.
- Describe the issue in as much detail as possible, including steps to reproduce and potential impact.
This opens a private advisory visible only to maintainers until a fix is ready, which is the preferred channel until the project has a dedicated security contact address.
Scope
ApiaryLens is early-stage and currently contains no application code — there is no running software to have a vulnerability yet. This policy is in place ahead of time so the reporting process is established before the first release. Once the platform has deployable components (self-hosted server, PWA client, API), this section will be updated with specific scope guidance (e.g. which deployment configurations are supported, which versions receive security fixes).
Supported versions
Not applicable yet — no releases exist.
Our commitment
Given ApiaryLens's privacy-first and self-hosted-first principles, security issues that could expose a beekeeper's hive, location, or business data are treated as high priority. We will acknowledge reports as promptly as possible and credit reporters (with permission) once a fix is released.