Thanks for helping make AsBuiltReport safe for everyone.

AsBuiltReport takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as AsBuiltReport.

While AsBuiltReport is an open source project without a formal bug bounty program, we are committed to addressing security vulnerabilities promptly and will ensure that your findings are passed along to the appropriate maintainers for remediation.

If you believe you have found a security vulnerability in any AsBuiltReport repository, please report it to us through coordinated disclosure.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Instead, please send an email to [email protected] with the subject line "SECURITY: [Brief Description]".

Please include as much of the information listed below as you can to help us better understand and resolve the issue:

• The type of issue (e.g., code injection, credential exposure, or privilege escalation)
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit the issue
• Affected versions of AsBuiltReport modules

This information will help us triage your report more quickly.

We aim to:

• Acknowledge receipt of your report within 72 hours
• Provide an initial assessment within 7-10 days
• Keep you informed of our progress throughout the remediation process

We follow coordinated disclosure principles:

• Security issues will be addressed in a timely manner
• We will coordinate with you on the disclosure timeline
• Public disclosure will occur after a fix is available and deployed
• We will credit reporters (unless anonymity is requested)

Please refer to individual module repositories for information on which versions are currently supported with security updates.

When using AsBuiltReport:

• Store credentials securely using appropriate credential management solutions
• Review generated reports before sharing to ensure no sensitive information is exposed
• Keep AsBuiltReport modules updated to the latest versions
• Follow the principle of least privilege when providing credentials to AsBuiltReport