Dotanuki actively cares about Open Source Security and Quality.
- Almost all of our projects keep dependencies up-to-date with Renovate Bot, merging PRs automatically with Mergify
- We track dependency graphs and/or SBOM files as part of CI executions
- We release manually and careful review what's being shipped every release
- We invest into Open Source Best Practices
- We invest into Security Scorecards
Warning
DO NOT raise GitHub issues to report a security vulnerabilities.
Please report potential security issues affecting any of our projects to [email protected], preferably with a proof of concept.
You will receive a response from us within 24 hours. If the issue is confirmed, we will release a patch as soon as possible.
Non-vulnerability-related security issues such as new ideas for security features are welcome on GitHub Issues.