If you discover a security vulnerability, please report it responsibly via email:
Please do not open a public GitHub issue for security vulnerabilities.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- I will acknowledge your report within 48 hours
- I will provide a fix or mitigation plan within 7 days
- Credit will be given in the release notes (unless you prefer to remain anonymous)
This policy covers:
- The BLE Scale Sync application (src/)
- Docker image and entrypoint
- GitHub Actions workflows
- Documentation site (blescalesync.dev)
Out of scope:
- Third-party dependencies (report upstream)
- The Garmin Connect API or other external services