Vulnerability Disclosure
If you believe you have found a security issue in repod, report it to support@repod.dev.
What To Include
- A concise description of the issue and affected URL or endpoint.
- Steps to reproduce, including any required account state or permissions.
- Potential impact and any evidence you can safely share.
- Your preferred contact details for follow-up.
Rules Of Engagement
- Do not access, modify, delete, or exfiltrate data that does not belong to you.
- Do not run denial-of-service tests, spam, social engineering, or physical attacks.
- Do not test against third-party systems except where they are clearly part of your own account setup.
- Give us reasonable time to investigate before public disclosure.
Response
We aim to acknowledge credible reports promptly and will prioritize issues based on severity, exploitability, and customer impact. repod does not currently operate a paid bug bounty program.
Security Contact Metadata
Automated tooling can also use /.well-known/security.txt.