Security: ryuudotgg/forge

SECURITY.md

Security Policy

At Ryuu's Forge, we take security seriously. This document outlines how to report vulnerabilities and what to expect from our team.

Reporting a Vulnerability

If you believe you have discovered a security vulnerability, please do NOT open a public issue. We encourage responsible disclosure directly to our security team.

You can report vulnerabilities by creating an advisory directly in GitHub, or by emailing our security team at security@ryuu.gg.

What to Include

When reporting a vulnerability, please provide a comprehensive report that includes:

Description: A clear explanation of the vulnerability and how it affects the system.

Reproduction: Detailed steps that allow us to reproduce the issue in a controlled environment.

Impact Assessment: Your analysis of how this vulnerability could potentially impact users or systems.

Suggested Fix: If you have ideas for resolving the issue, we welcome your insights.

Contact Information: Your GitHub username or email address so we can acknowledge your contribution and follow up if needed.

Response Timeline

We take all legitimate reports seriously and will investigate them promptly. Our security team follows a structured process:

Initial Assessment: You'll receive an acknowledgment within 48 hours confirming we've received your report and are evaluating its validity.

Regular Updates: Throughout the investigation and remediation process, we'll provide updates approximately every 5 days to keep you informed of our progress.

Coordinated Disclosure: Once a fix is implemented, we'll work with you to coordinate the public disclosure of the vulnerability. Your input on timing and disclosure details is valuable to us.

Recognition: With your permission, we'll acknowledge your contribution in the security advisory and release notes.

Scope

This security policy covers the entire Ryuu's Forge ecosystem:

Core CLI: The Ryuu's Forge command-line interface and all its components, including templates, generators, and utilities.

Documentation: Our official documentation websites, API references, and integration guides hosted at forge.ryuu.gg.

Security Updates

We communicate security updates through these official channels:

GitHub Advisories: All security updates are published as GitHub Security Advisories in our repository.

Discord Community: Important security announcements are shared in our Discord community.

Release Notes: Detailed information about security fixes is included in our release notes.

Acknowledgments

We value the security research community and are committed to acknowledging those who help improve our security posture. With your permission, we'll recognize your contribution in the official channels above.

Thank you for helping keep Ryuu's Forge and our community secure.

There aren’t any published security advisories