If you see a vulnerability with allstar, report it to the allstar repository: https://github.com/ossf/allstar

If you see an issue with the configuration of allstar for the GoogleContainerTools organization:

1. you can report privately if required, by following Github's private disclosure mechanism
2. you can report publicly by opening an pull request or filing a bug and an org maintainer will take a look