Skip to content

Security: WRG-11/devguard-scan

SECURITY.md

Security Policy

Supported Versions

Version Supported
Latest release on main Yes
Older versions No

Reporting a Vulnerability

If you discover a security vulnerability in devguard-scan (the browser-side scanning engine, parity harness, or this repository's workflows), please report it responsibly.

Do not open a public issue.

Instead, please use GitHub's private vulnerability reporting or email detectionfrontier@proton.me.

What to include

  • Description of the vulnerability
  • Steps to reproduce
  • Affected surface (scan engine / parity harness / workflow / docs)
  • Potential impact
  • Suggested fix or mitigation, if any

Response timeline

  • Acknowledgment: within 48 hours
  • Initial assessment: within 1 week
  • Fix (if confirmed): as soon as practical, typically within 2 weeks

Scope

This policy covers the devguard-scan static scanner (browser JS engine and parity harness). The canonical Python detection engine lives in WRG-11/wrg-devguard — report findings against the shared rule patterns there.

There aren't any published security advisories