Please report security issues privately to the project maintainers. Do not open public issues for active vulnerabilities, leaked credentials, private datasets, or exploit details that should not be disclosed.
This project may be used with kernel POCs, VM images, SSH keys, private databases, and generated crash logs. Keep those artifacts outside version control unless they are intentionally public and redistributable.
Never commit:
- `src/ppatch_partner/config/config.env`
- VM SSH private keys
- VM images
- Private POC datasets
- PostgreSQL URLs with real credentials
- Generated crash logs or experiment outputs that contain sensitive data
Run:
```bash
rg -n "password|passwd|secret|token|api[_-]?key|PRIVATE|BEGIN" .
rg -n "/(home|mnt|Users)/" .
rg -n "[\\p{Han}]" .
```
If a real credential was ever committed, remove it from public history before release and rotate the credential.
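
The three scans above as a release gate, written as an added example (not part of this project's code): it exits nonzero on any hit and reports only file, line and rule, so the scanner output does not copy a secret into CI logs. The skip list, the rule names and the `\u4e00-\u9fff` range standing in for `\p{Han}` are assumptions of the example.

```python
"""Release gate: fail while the tree still matches the scan patterns."""
import re
import sys
from pathlib import Path

# Patterns taken from the rg commands on this page. Python's re has no
# \p{Han}, so the third rule approximates it with the CJK Unified
# Ideographs block (assumption of this example).
PATTERNS = {
    "credential-keyword": re.compile(
        r"password|passwd|secret|token|api[_-]?key|PRIVATE|BEGIN"),
    "local-path": re.compile(r"/(home|mnt|Users)/"),
    "han-text": re.compile(r"[\u4e00-\u9fff]"),
}
SKIP_DIRS = {".git", "__pycache__", ".venv"}  # assumed ignore list


def scan_tree(root):
    """Return sorted (relative_path, line_no, rule) hits, never the line text."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        with path.open("rb") as fh:
            if b"\0" in fh.read(8192):  # skip binaries such as VM images
                continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in PATTERNS.items():
                if pattern.search(line):
                    hits.append((rel.as_posix(), line_no, rule))
    return sorted(hits)


def main(argv):
    hits = scan_tree(argv[1] if len(argv) > 1 else ".")
    for rel, line_no, rule in hits:
        # Location and rule only: the matched text stays out of the log.
        print(f"{rel}:{line_no}: {rule}")
    return 1 if hits else 0  # nonzero blocks the release step


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A hit is a prompt for manual review, not proof of a leak; the keyword rule also matches ordinary code that mentions tokens or passwords.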