Skip to content

Security: deepagent-ltd/deepagent-code-enterprise

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Please report security vulnerabilities privately. Do not open a public issue or discussion before maintainers have had a reasonable opportunity to investigate and release a fix.

Use the private vulnerability reporting channel in the affected repository's Security tab when it is available. If that repository documents another private security contact, use that channel instead.

Include:

  • the affected product, version, and environment;
  • the security impact and expected threat model;
  • minimal reproduction steps or a proof of concept;
  • relevant logs with secrets and personal data removed;
  • any suggested mitigation, if known.

Do not send live credentials, private keys, customer data, or access tokens. We will acknowledge a usable report, coordinate validation and remediation, and credit reporters when requested and appropriate.

Supported versions

Support windows are defined by each project. Unless a repository states otherwise, security fixes target the latest published release and the default development branch.

Scope

Security reports should concern DeepAgent software or infrastructure operated by DeepAgent. Reports about third-party services should be sent to the relevant provider.

There aren't any published security advisories