Please do not create a public issue to report a vulnerability.

If you discover a security issue or vulnerability:

• Email: security@synchronized.tv
• Message: Slack #alert-security
• For confirmed incidents: use Incident.io

We respond within one business day (24h).

• Dependabot, CodeQL, and Secret Scanning are active on all repositories.
• Alerts are automatically forwarded to Slack #alert-security.
• Confirmed incidents are tracked in Incident.io until resolution.

Sensitive procedures (e.g., token rotation, audit logs) are managed in the private repository Synchronized-TV/.internal.