SynAPS is an active public research and engineering repository.
The repository should be treated as pre-production software and documentation, not as a validated industrial deployment artifact.
| Surface | Status | Notes |
|---|---|---|
| current default branch (master) / active 0.1.x line | best-effort security fixes | active development line |
| historical snapshots, unpublished experiments, generated artifacts | unsupported | no security-fix commitment |
Do not disclose exploitable details in a public issue, pull request, benchmark artifact, or discussion thread.
Preferred reporting route:
- use GitHub Private Vulnerability Reporting for the target public repository: https://github.com/KonkovDV/SynAPS/security/advisories/new;
- if that route is not yet enabled during a publication rehearsal, pause public disclosure until the repository security settings are finished.
- acknowledgement within 5 business days;
- follow-up status update within 14 calendar days;
- coordinated disclosure after a fix or mitigation path exists.
- include affected file paths or surfaces when possible;
- provide a minimal safe reproduction if one exists;
- avoid posting secrets, private datasets, regulated data, or exploit payloads in public channels;
- state whether the issue affects the current implementation, release packaging, or public technical claims.
The publication baseline for this repository assumes:
- GitHub Private Vulnerability Reporting is enabled;
- maintainers watch Security alerts notifications;
- secret scanning and push protection are enabled for the public repository.
The checked-in repository automation also includes:
- pinned CodeQL advanced setup for Python, TypeScript, and Rust repository surfaces;
- OSSF Scorecards SARIF uploads into GitHub code scanning;
- dependency review on pull requests.