Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately via one of:

• GitHub private reporting: Security Advisories
• Email: security@devopscelstn.com (replace with real address before publishing)

• Description of the vulnerability and potential impact
• Steps to reproduce (minimal example preferred)
• Affected version(s)
• Any suggested fix or mitigation

• Acknowledgement: within 48 hours
• Status update: within 7 days
• Fix + disclosure: coordinated with reporter

shipguard performs read-only static analysis — it reads files and matches patterns. It does not:

• Make network requests during scans
• Store, transmit, or log file contents
• Require elevated permissions
• Execute code from scanned repositories

Findings are printed to stdout or written to a local report file only.