If you discover a security vulnerability in this project, please open a GitHub Security Advisory.

Please do not disclose security vulnerabilities publicly until a fix has been released.

• Semgrep static analysis on every PR
• CodeQL security scanning weekly
• Gitleaks secret detection on every push
• Dependabot automated dependency updates
• Branch protection with required CI checks