# Security Policy

## Reporting a Vulnerability

If you find a potential security vulnerability in bootc, please report it by following these steps:

### 1. **Use the GitHub Security Tab**

This repository is set up to allow vulnerability reports through GitHub's Security Advisories feature. To report a vulnerability:

1. Navigate to the repository's main page.
2. Select the [**Security**](https://github.com/bootc-dev/bootc/security) tab.
3. Select **Advisories** from the left-hand sidebar.
4. Click on **Report a vulnerability**.
5. Fill in the required details and submit the report.

Following this process will create a private advisory for our maintainers to review.

### 2. **Do Not Open Public Pull Requests, Issues, or Discussions**

Please **do not** discuss the issue, create PRs, or start discussions about the vulnerability. This ensures the vulnerability is not widely exploited before a fix is provided.