| Version | Supported |
|---|---|
| Latest release on main | Yes |
| Older versions | No |
If you discover a security vulnerability in devguard-scan (the browser-side
scanning engine, parity harness, or this repository's workflows), please
report it responsibly.
Do not open a public issue.
Instead, please use GitHub's private vulnerability reporting or email detectionfrontier@proton.me.
- Description of the vulnerability
- Steps to reproduce
- Affected surface (scan engine / parity harness / workflow / docs)
- Potential impact
- Suggested fix or mitigation, if any
- Acknowledgment: within 48 hours
- Initial assessment: within 1 week
- Fix (if confirmed): as soon as practical, typically within 2 weeks
This policy covers the devguard-scan static scanner (browser JS engine and
parity harness). The canonical Python detection engine lives in
WRG-11/wrg-devguard — report
findings against the shared rule patterns there.