<!--
 Copyright 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH.
 SPDX-License-Identifier: MIT
-->

# Security policy

## Reporting a vulnerability

You can report a vulnerability or anomaly to the maintaining team. This will initiate the process of coordinated vulnerability disclosure. The team will then endeavor to develop security patches within a week if possible. The vulnerability will then be publicized as part of the next release. If you wish, you can also be published as a reporter.

* You can send your report to the following e-mail address: [security@zendis.de](mailto:security@zendis.de)

* You can also create a [confidential issue in this repository](https://gitlab.opencode.de/open-code/badgebackend/gitlab-profile/-/issues/new?issue[confidential]=on&issuable_template=security-advisory).