If you discover a security vulnerability in GuardOS, please report it privately via GitHub:
This ensures responsible disclosure and coordinated fixes with the core team.
- Vulnerabilities are reviewed privately
- Fixes are published along with public advisories
- Contributors may be credited if they opt in

GuardOS is protected by the following GitHub security features:
- 🔐 Private vulnerability reporting
- 📢 Security advisories
- 🧠 CodeQL static code analysis
- 🤖 Copilot Autofix (for core and third-party tools)
- 📦 Dependabot alerts & updates
- 🕵️ Secret scanning

These help maintain security and transparency for the community.
This policy applies to the core GuardOS project, build pipeline, and packaging.
Third-party dependency issues should be reported upstream if possible.