If you discover a security vulnerability in the Serverless Workflow Catalog, please follow these steps to report it:
- Do Not Open Public Issues: To protect sensitive information, do not open public issues on GitHub for security vulnerabilities.
- Use the GitHub Security Advisory Tab: To report security vulnerabilities, please use the GitHub Security Advisory tab. This feature allows you to privately report security issues and ensures they are addressed appropriately.
- Provide Detailed Information: When submitting a report, include the following details:
  - Description: A detailed description of the vulnerability, including the nature of the issue and potential impact.
  - Reproduction Steps: Clear steps to reproduce the issue. This helps us understand and verify the vulnerability.
  - Affected Versions: Specify the versions of the Serverless Workflow Catalog that are affected by the vulnerability.
  - Proof of Concept: If possible, include a proof of concept or any evidence demonstrating the vulnerability.
- Wait for a Response: The security team will acknowledge receipt of your report and provide updates on the status of the issue. We aim to respond to security reports within 48 hours.
- Disclosure Process: Once the vulnerability is resolved, we will coordinate with you to disclose the issue publicly in a responsible manner. We follow a disclosure process that ensures sufficient time for mitigation before public disclosure.
We are committed to maintaining the security of the Serverless Workflow Catalog. Security updates and patches are released as necessary to address vulnerabilities and improve security. To stay informed about the latest security updates:
- Subscribe to Notifications: Watch the repository on GitHub to receive notifications about new releases and updates.
- Check Release Notes: Review the release notes for details on security fixes and changes.
To help ensure the security of your own use of the Serverless Workflow Catalog, consider the following best practices:
- Keep Dependencies Up-to-Date: Regularly update your dependencies to include the latest security patches and improvements.
- Review Code: Conduct code reviews and security assessments to identify and address potential vulnerabilities in your own contributions.
- Use Secure Practices: Follow secure coding practices and guidelines to minimize the risk of introducing security issues.
Thank you for helping to keep the Serverless Workflow DSL secure!