If you see a vulnerability with allstar, report it to the allstar repository: https://github.com/ossf/allstar
If you see an issue with the configuration of allstar for the GoogleContainerTools organization:
- you can report privately if required, by following Github's private disclosure mechanism
- you can report publicly by opening an pull request or filing a bug and an org maintainer will take a look