Rename VDP heading to Anthropic Bug Bounty

Update HackerOne links in SECURITY.md
fix: yaml.github-actions.security.run-shell-injection.run-shell-injection security vulnerability (#43824 )
2026-05-12 10:32:41 +00:00 · 2026-04-27 21:49:07 +00:00 · 2026-04-27 15:19:01 +00:00 · 2026-04-27 14:33:15 +01:00 · 2026-04-25 01:55:07 +00:00 · 2026-04-25 00:14:25 +00:00
2 changed files with 10 additions and 8 deletions
--- a/.github/workflows/claude-dedupe-issues.yml
+++ b/.github/workflows/claude-dedupe-issues.yml
@@ -38,10 +38,11 @@ jobs:
        if: always()
        env:
          STATSIG_API_KEY: ${{ secrets.STATSIG_API_KEY }}
+          ISSUE_NUMBER: ${{ github.event.issue.number || inputs.issue_number }}
+          REPO: ${{ github.repository }}
+          TRIGGERED_BY: ${{ github.event_name }}
+          WORKFLOW_RUN_ID: ${{ github.run_id }}
        run: |
-          ISSUE_NUMBER=${{ github.event.issue.number || inputs.issue_number }}
-          REPO=${{ github.repository }}
-          
          if [ -z "$STATSIG_API_KEY" ]; then
            echo "STATSIG_API_KEY not found, skipping Statsig logging"
            exit 0
@@ -51,7 +52,8 @@ jobs:
          EVENT_PAYLOAD=$(jq -n \
            --arg issue_number "$ISSUE_NUMBER" \
            --arg repo "$REPO" \
-            --arg triggered_by "${{ github.event_name }}" \
+            --arg triggered_by "$TRIGGERED_BY" \
+            --arg workflow_run_id "$WORKFLOW_RUN_ID" \
            '{
              events: [{
                eventName: "github_duplicate_comment_added",
@@ -60,7 +62,7 @@ jobs:
                  repository: $repo,
                  issue_number: ($issue_number | tonumber),
                  triggered_by: $triggered_by,
-                  workflow_run_id: "${{ github.run_id }}"
+                  workflow_run_id: $workflow_run_id
                },
                time: (now | floor | tostring)
              }]
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -5,8 +5,8 @@ Thank you for helping us keep Claude Code secure!

 The security of our systems and user data is Anthropic's top priority. We appreciate the work of security researchers acting in good faith in identifying and reporting potential vulnerabilities.

-Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/anthropic-vdp/reports/new?type=team&report_type=vulnerability).
+Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/4f1f16ba-10d3-4d09-9ecc-c721aad90f24/embedded_submissions/new).

-## Vulnerability Disclosure Program
+## Anthropic Bug Bounty

-Our Vulnerability Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic-vdp).
+Our Bug Bounty Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic).
Author	SHA1	Message	Date
Octavian Guzu	c2e4210003	Rename VDP heading to Anthropic Bug Bounty	2026-04-27 21:49:07 +00:00
Octavian Guzu	0074b4422a	Update HackerOne links in SECURITY.md	2026-04-27 15:19:01 +00:00
orbisai0security	c128568da0	fix: yaml.github-actions.security.run-shell-injection.run-shell-injection security vulnerability (#43824 ) Automated security fix generated by Orbis Security AI Co-authored-by: Ubuntu <ubuntu@ip-172-31-32-15.us-west-2.compute.internal>	2026-04-27 14:33:15 +01:00
GitHub Actions	7e936457e4	chore: Update CHANGELOG.md	2026-04-25 01:55:07 +00:00
GitHub Actions	c3933441f0	chore: Update CHANGELOG.md	2026-04-25 00:14:25 +00:00