We support security fixes for the latest released version and the current main branch.

Please report security issues privately.

• Preferred: open a GitHub Security Advisory for this repository.
• Avoid public issues or discussions for sensitive reports.
• Include clear reproduction steps, impact, affected versions, and any safe proof of concept.
• Do not include secrets, access keys, or sensitive customer data in reports.

We will acknowledge receipt and coordinate a fix and disclosure timeline.

In scope:

• The Cyntrisec CLI source code and released packages.
• CLI commands, output formats, and storage behavior in this repo.

Out of scope:

• Third-party dependencies (please report those to the upstream project).
• Social engineering or physical attacks.