Skip to content

Security: warpdotdev/social-monitoring-agent-oss

SECURITY.md

Security Policy

Reporting a vulnerability

If you discover a security vulnerability in this repository, please report it privately. Do not open a public issue for security problems.

  • Use GitHub's private vulnerability reporting ("Report a vulnerability" under the repository's Security tab), or
  • Email the maintainers at the address listed in the repository description.

Please include:

  • A description of the issue and its impact.
  • Steps to reproduce or a proof of concept.
  • Affected files, versions, or commits.

We aim to acknowledge reports within 5 business days.

Handling secrets

This project's scripts read all credentials from environment variables (see .env.example). Never commit real secrets.

  • Keep API keys, tokens, and connection strings in a local .env file (which is git-ignored) or in your secret manager.
  • Do not paste real credentials, customer data, internal identifiers, or production exports into issues, pull requests, tests, or fixtures. Use the provided synthetic samples instead.
  • If you believe a secret has been committed, treat it as compromised: rotate it immediately and notify the maintainers.

There aren't any published security advisories