| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability in hotspot-bpf, please report it responsibly via GitHub Security Advisories.
Do not open a public issue for security vulnerabilities.
You can expect an initial response within 72 hours. We will work with you to understand the issue and coordinate a fix before any public disclosure.
- Dependencies are monitored by Dependabot and scanned with govulncheck
- Release artifacts are signed with cosign (keyless / Sigstore) and include an SBOM
- The project is evaluated by OpenSSF Scorecard