# Security Policy
If you have discovered a security vulnerability, please refer to [our website](https://quad4.io/security) for the latest security reporting procedures and guidelines.
## Vulnerability Management
- We use [OSV](https://osv.dev/) to scan for package vulnerabilities in our dependencies.
## Dependency and Supply Chain
- All GitHub Actions used are forked and hosted on [our Gitea instance](https://git.quad4.io/actions).
- Actions are referenced using full URLs and cryptographically pinned to specific commit hashes for enhanced supply chain security.