<!--
Copyright 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH.
SPDX-License-Identifier: MIT
-->

# Security Policy

## Reporting a Vulnerability

To report a vulnerability, you can use GitLab's confidential issues. Just navigate to the [create a confidential issue](https://gitlab.opencode.de/open-code/badgebackend/badge-api-documentation/-/issues/new?confidential=true) page. This way, maintainers will be privately notified first. Afterwards, in a best-case scenario, if the vulnerability is fixed, the report will be made public.

Alternatively, you can report a vulnerability or anomaly to the product development team. This initiates the procedure of a Coordinated Vulnerability Disclosure. The team will then endeavour to develop security patches within a week if possible. The vulnerability is then made public when the patches are published. If you wish, you can also be named as the reporter.

```text
Contact: mailto:security@zendis.de
Contact: mailto:product-security@zendis.de
Expires: 2025-06-01T21:59:00.000Z
Preferred-Languages: de,en
Canonical: https://zendis.de/security.txt
Hiring: https://zendis.de/karriere
```