If you discover a security vulnerability in any EvalOps repository, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, email security@evalops.dev with:
- A description of the vulnerability
- Steps to reproduce
- The affected service(s) and version(s)
- Any potential impact assessment
We will acknowledge receipt within 48 hours and provide an initial assessment within 5 business days.
We support security patches for the latest release of each actively maintained service.
This policy applies to all repositories in the evalops GitHub organization.