mirror of
https://github.com/AgentSeal/codeburn.git
synced 2026-05-17 03:56:45 +00:00
The installer now downloads and verifies a .sha256 companion file before extracting and launching the menubar app. Build script and CI workflow generate the checksum alongside the zip. Adds SECURITY.md with reporting instructions. Addresses #215.
21 lines
655 B
Markdown
# Security Policy
## Reporting a Vulnerability
Please report security vulnerabilities via [GitHub's private vulnerability reporting](https://github.com/getagentseal/codeburn/security/advisories/new).

Do not open a public issue for security vulnerabilities.
## Scope
Security reports are welcome for:
- The CLI (`src/`)
- The menubar installer (`src/menubar-installer.ts`)
- The macOS menubar app (`mac/`)
- The desktop app (`desktop/`)
- CI/CD workflows (`.github/workflows/`)
## Release Integrity
Menubar release assets include a `.sha256` checksum file. The installer verifies the checksum before extracting and launching the downloaded bundle.
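The check described above, sketched as an added example; this is not the code in `src/menubar-installer.ts`. The function names, the sample asset name and the accepted `.sha256` layouts (a bare digest or the `shasum -a 256` form) are assumptions, since the page does not specify the file format.

```typescript
// Added example, not CodeBurn's installer code. All names are hypothetical.
import { createHash } from "node:crypto";

// Parse a .sha256 companion file. Accepts a bare digest or the
// `shasum -a 256` layout "<hex>  <name>" / "<hex> *<name>" (assumed formats).
// Returns the lowercase digest, or null when the file is malformed,
// has more than one entry, or names a different asset.
function parseSha256File(text: string, assetName: string): string | null {
  const lines = text.split(/\r?\n/).filter((l) => l.trim() !== "");
  if (lines.length !== 1) return null;
  const m = /^([0-9a-fA-F]{64})(?:\s+\*?(.+))?$/.exec(lines[0].trim());
  if (!m) return null;
  if (m[2] !== undefined && m[2].trim() !== assetName) return null;
  return m[1].toLowerCase();
}

// True only when the archive bytes hash to the digest in the companion file.
// Any parse problem counts as a verification failure (fail closed), so an
// HTML error page served in place of the checksum never passes.
function verifyDownload(
  archive: Uint8Array,
  sha256Text: string,
  assetName: string,
): boolean {
  const expected = parseSha256File(sha256Text, assetName);
  if (expected === null) return false;
  const actual = createHash("sha256").update(archive).digest("hex");
  return actual === expected;
}

// Constructed sample data standing in for a downloaded zip.
const sampleZip = Buffer.from("constructed archive bytes");
const sampleDigest = createHash("sha256").update(sampleZip).digest("hex");
const sampleName = "Example.zip"; // placeholder asset name

// Runs the check over matching, tampered and malformed inputs.
function demo(): boolean[] {
  const entry = `${sampleDigest}  ${sampleName}\n`;
  return [
    verifyDownload(sampleZip, entry, sampleName),                       // match
    verifyDownload(sampleZip, sampleDigest.toUpperCase(), sampleName),  // bare digest
    verifyDownload(Buffer.from("tampered"), entry, sampleName),         // bytes changed
    verifyDownload(sampleZip, `${sampleDigest}  Other.zip`, sampleName),// wrong asset
    verifyDownload(sampleZip, "<html>404</html>", sampleName),          // not a checksum
  ];
}
console.log(demo());
```

Extraction and launch should happen only after `verifyDownload` returns true. A checksum fetched from the same release as the archive detects corrupted or truncated downloads; it does not by itself authenticate the publisher.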