The MITRE SAF team takes security seriously. If you discover a security vulnerability in this tap or one of its formulae, please report it responsibly.
- Email: saf-security@mitre.org
- GitHub: use the repository's Security tab to report privately
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if you have one)
- Acknowledgment: within 48 hours
- Initial assessment: within 7 days
- Fix timeline: varies by severity
- Generated formulae are published only by release automation in the source project's repository, committed by the tap's publishing app — never edited by hand
- Checksums: every binary a formula installs is pinned by its sha256
from the source project's released
checksums.txt - CI:
brew test-botruns on every push and pull request - Vulnerabilities in a packaged tool should be reported to that tool's own repository (see CODEOWNERS for ownership); issues in the tap's own files belong here