| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take the security of RAGuard seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- GitHub Security Advisories: Go to the Security tab and create a private advisory.
- Email: Send an email to Carlos@AIAgentObservatory.org with the subject "[RAGuard Security]".
Please include the following information:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- Acknowledgment: Within 48 hours of receiving your report.
- Initial assessment: Within 7 days.
- Fix development: Within 30 days for critical issues.
- Public disclosure: Coordinated with you after a fix is available.
This security policy applies to:
- The RAGuard scanner core functionality
- CLI interface
- Report generation
- Policy generation
- Vulnerabilities in third-party dependencies (please report to the respective projects)
- Issues in development/test environments only
- English
We appreciate responsible disclosure and will acknowledge contributors in our release notes (unless you prefer to remain anonymous).