If you discover a security vulnerability in GuardOS, please report it privately via GitHub:
This ensures responsible disclosure and coordinated fixes with the core team.
- Vulnerabilities are reviewed privately
- Fixes are published along with public advisories
- Contributors may be credited if they opt in
GuardOS is protected by the following GitHub security features:
- Private vulnerability reporting
- Security advisories
- CodeQL static code analysis
- Copilot Autofix (for core and third-party tools)
- Dependabot alerts & updates
- Secret scanning
These help maintain security and transparency for the community.
This policy applies to the core GuardOS project, build pipeline, and packaging.
Third-party dependency issues should be reported upstream if possible.