# Security

Report security issues privately to the repository owner.

## Runtime Access

This service reads Dockge stack files and Docker Engine image metadata. Mounting the Docker socket gives broad host-level power to any process with write access to it, so deploy this service only in trusted environments and keep the socket mount read-only at the container level.

## Secrets

Do not commit registry credentials, Gitea tokens, `.env` files, private keys, certificates, or Docker config files.