Do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability, please report it to SAP:
- Email: secure@sap.com
- PGP Key: Available at SAP Security
Include the following information:
- Type of issue (e.g., XSS, SQL injection, code execution)
- Full paths of affected source files
- Location of the affected code (tag/branch/commit)
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact assessment
- You will receive acknowledgment within 3 business days
- SAP will investigate and provide updates
- Once resolved, we will coordinate disclosure timing with you
This is a sample repository. Security updates apply to the latest code on the main branch only.
These samples are for learning purposes. When using in production:
- Update all dependencies regularly
- Review and test all code thoroughly
- Follow SAP security guidelines
- Enable appropriate authentication and authorization
- Validate all inputs and sanitize outputs
SAP follows coordinated vulnerability disclosure principles. We request reasonable time to address issues before public disclosure.
For more information, visit SAP Trust Center.