Primer Paso supports people navigating sensitive regularisation and vulnerability-document workflows.
Please do not report security issues in public GitHub issues.
Email: security@primerpaso.org
Please include:
- affected URL, package, or workflow
- steps to reproduce
- expected impact
- whether any data may have been exposed
We aim to acknowledge valid reports within 3 working days.
In scope:
- authentication or authorisation bypass
- cross-organisation or cross-tenant data exposure
- leakage of personal, legal, or organisation data
- certificate or document generation issues
- signing issues
- dependency, CI/CD, or deployment-chain vulnerabilities
Out of scope:
- denial of service through high-volume traffic
- social engineering
- attacks requiring compromised user devices
Primer Paso is pre-release. Security fixes are applied to the main branch.