| Version | Supported |
|---------|-----------|
| 0.5.x   | ✅        |
| < 0.5   | ❌        |
Reporting a Vulnerability
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
DO NOT create a public GitHub issue for security vulnerabilities
Email security@replimap.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Any suggested fixes (optional)
| Stage                | Timeline           |
|----------------------|--------------------|
| Acknowledgment       | Within 48 hours    |
| Initial Assessment   | Within 1 week      |
| Resolution (Critical)| 24-72 hours        |
| Resolution (High)    | 1-2 weeks          |
| Resolution (Medium)  | 2-4 weeks          |
| Resolution (Low)     | Next release cycle |
| Measure             | Implementation                                |
|---------------------|-----------------------------------------------|
| Dependency Scanning | Dependabot (weekly)                           |
| Static Analysis     | CodeQL on every PR                            |
| Secret Scanning     | GitHub Advanced Security                      |
| Package Publishing  | OIDC Trusted Publishing (no long-lived tokens) |
- All traffic encrypted (TLS 1.3)
- AWS credentials never stored on our servers
- SOC2 Type II compliant infrastructure
- Regular penetration testing
- Signed commits required for releases
- Branch protection on main
- Required reviews from CODEOWNERS
- Automated security checks in CI
We appreciate responsible disclosure. Researchers who report valid vulnerabilities will be acknowledged here (with permission).