ScottPlot minimizes security risk by making all source code available, using only official Microsoft-backed NuGet dependencies, carefully reviewing all code contributions, building and publishing packages in the cloud with GitHub Actions, and using deterministic builds and SourceLink for all packages deployed to NuGet. Source code files and binaries built from them are scanned for vulnerabilities using the CodeQL analysis engine (see report).

Supported Versions: Security updates are applied to all major versions of ScottPlot present in this repository.

Reporting a Vulnerability: Users are encouraged to share security insights publicly by posting a GitHub issue so the discussion may benefit the open source community. Alternatively, issues may be reported privately to Scott W Harden (ScottPlot's primary maintainer) by email swharden@gmail.com