👋 Hi everyone! We’re @UlisesGascon and @RafaelGSS, working with the OpenJS Foundation as part of the Alpha-Omega initiative. Our focus is supporting OpenJS projects in strengthening their security posture. We can help with things like:

• Reviewing or creating security documentation (e.g., SECURITY.md, incident response plans...)
• Supporting vulnerability handling and escalation (reporting, triage, CVEs, disputes)
• Reviewing repo configurations and GitHub security settings
• Sharing best practices (e.g., OSSF Scorecard)
• Answering general questions on licenses, compliance, or incident response

✨ We’re here as a resource for the Dojo team and happy to collaborate on whatever is most useful for you. Looking forward to working together!

References:

• doc: add minimal SECURITY.md template openjs-foundation/cross-project-council#1588
• https://openjsf.org/blog/openjs-foundation-cna
• https://openjsf.org/blog/security-support-for-openjs-projects

Important

The policy suggests that reports should be submitted using the Report a Vulnerability feature. Since this option is currently unavailable, please follow the instructions