Public Access
96c7bd9e46
- mokoconsulting-tech → MokoConsulting across all docs - github.com → git.mokoconsulting.tech - CLI examples updated with new org name Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
52 lines
1.3 KiB
Markdown
52 lines
1.3 KiB
Markdown
---
|
|
name: Security Vulnerability Report
|
|
about: Report a security vulnerability (use only for non-critical issues)
|
|
title: '[SECURITY] '
|
|
labels: 'security'
|
|
assignees: ''
|
|
|
|
---
|
|
|
|
|
|
## ⚠️ IMPORTANT: Private Disclosure Required
|
|
|
|
**For critical security vulnerabilities, DO NOT use this template.**
|
|
Follow the process in [SECURITY.md](../SECURITY.md) for responsible disclosure.
|
|
|
|
Use this template only for:
|
|
- Security improvements
|
|
- Non-critical security suggestions
|
|
- Security documentation updates
|
|
|
|
---
|
|
|
|
## Security Issue
|
|
|
|
**Severity**:
|
|
<!-- Low, Medium, or informational only -->
|
|
|
|
## Description
|
|
<!-- Describe the security concern or improvement suggestion -->
|
|
|
|
## Affected Components
|
|
<!-- List the affected files, features, or components -->
|
|
|
|
## Suggested Mitigation
|
|
<!-- Describe how this could be addressed -->
|
|
|
|
## Standards Reference
|
|
Does this relate to security standards in [MokoStandards](https://git.mokoconsulting.tech/MokoConsulting/MokoStandards)?
|
|
- [ ] SPDX license identifiers
|
|
- [ ] Secret management
|
|
- [ ] Dependency security
|
|
- [ ] Access control
|
|
- [ ] Other: [specify]
|
|
|
|
## Additional Context
|
|
<!-- Add any other context about the security concern -->
|
|
|
|
## Checklist
|
|
- [ ] This is NOT a critical vulnerability requiring private disclosure
|
|
- [ ] I have reviewed the SECURITY.md policy
|
|
- [ ] I have provided sufficient detail for evaluation
|