Please report security issues privately to security@pametan.co rather than opening a public issue. We aim to acknowledge reports within 2 business days.

Relevant concerns include:
- A rule that reports a violation as satisfied (or vice versa) — a correctness bug that could give false comfort about an obligation.
- Manifest parsing that could be abused (e.g. resource exhaustion on a crafted YAML file).

Use synthetic/example data in any report — never real customer or product data.

conc-lint is an engineering aid, not a compliance attestation. A clean run does not mean you are compliant. See the README disclaimer.

The latest published minor version receives fixes. Until a 1.0 release, the API is stable but not yet frozen.