# Security Policy

## Scope

This policy covers security issues in the Docker container and associated scripts in this repository. It does not cover vulnerabilities in the Proton Bridge application itself — those should be reported directly to [Proton](https://proton.me/security).

## Reporting a Vulnerability

To report a security vulnerability in this project, please [open a GitHub issue](https://github.com/dancwilliams/protonmail-bridge-docker/issues) with the label `security`. For sensitive disclosures, you may also reach out via GitHub's private vulnerability reporting feature under the Security tab of this repository.

Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations if known