Security: DataGuard-team/DataGuard

SECURITY.md

Security Policy

Supported Versions

Security support is provided only for publicly distributed versions of DataGuard.

Version Supported
Current Marketplace Version
Current Release Package (.vsix)
Older Versions

Only the most recent publicly available version is considered supported.


Reporting a Vulnerability

If you discover a security issue affecting DataGuard, please report it responsibly.

Do not disclose vulnerabilities publicly before review.

Submit a report containing:

  • Description of the issue
  • Steps to reproduce
  • Expected behavior
  • Actual behavior
  • Environment details:
    • Operating system
    • VS Code version
    • Python version
    • Extension version
  • Screenshots or logs (if applicable)

Send reports through:

  • GitHub Security Advisories (preferred if enabled)
  • Repository Issues (only for non-sensitive reports)
  • Project contact channel

Scope

Examples of issues that may qualify:

  • Unauthorized data access
  • Local file handling vulnerabilities
  • Unsafe execution behavior
  • Credential exposure
  • Extension privilege escalation
  • Dependency-related security concerns
  • AI integration security concerns

Examples that generally do not qualify:

  • Missing feature requests
  • UI preferences
  • Performance concerns without security impact
  • Third-party provider outages
  • Unsupported versions

Privacy & Data Handling

DataGuard follows a local-first design.

Core dataset processing is performed locally.

Optional AI functionality is only executed after explicit user configuration.

Users remain responsible for reviewing external AI provider policies before transmitting any data.


Disclosure Process

After receiving a report:

  1. Acknowledge receipt
  2. Validate impact
  3. Prepare remediation
  4. Publish fixes when available

Disclosure timelines may vary depending on severity and release schedules.


Thank you for helping improve the reliability and security of DataGuard.