If you discover a security vulnerability in Runner Guard, please report it through GitHub's private vulnerability reporting:
Do not open a public GitHub issue for security vulnerabilities.
We will acknowledge receipt within 24 hours and provide an initial assessment within 72 hours.
| Version | Supported |
|---|---|
| 3.x | Yes |
| 2.x | Security fixes only |
| < 2.0 | No |
This policy covers:
- The Runner Guard CLI tool
- The Runner Guard GitHub Action
- The Runner Guard Docker image
- Detection rules and threat signatures
We appreciate responsible disclosure and will credit reporters in release notes unless anonymity is requested.