MeshGuard takes security seriously. We appreciate your help in keeping MeshGuard and our users safe.
Please do not report security vulnerabilities through public GitHub issues.
Instead, report security vulnerabilities via email to:
Please include as much of the following information as possible:
- Type of vulnerability (e.g., authentication bypass, injection, data exposure)
- Affected component (Gateway, SDK, Dashboard, etc.)
- Steps to reproduce the vulnerability
- Proof of concept code or screenshots, if available
- Potential impact of the vulnerability
- Suggested remediation if you have one
- Acknowledgment — We will acknowledge receipt within 48 hours
- Assessment — Our security team will assess the vulnerability
- Updates — We will keep you informed of our progress
- Resolution — We aim to resolve critical issues within 7 days
- Credit — With your permission, we will credit you in our security acknowledgments
- MeshGuard Gateway
- MeshGuard SDKs (Node.js, Python, Go)
- dashboard.meshguard.app
- api.meshguard.app
- Authentication and authorization systems
- Data handling and encryption
- Third-party services and integrations
- Social engineering attacks
- Physical attacks
- Issues in services we don't control
- Denial of service attacks
We support responsible disclosure. If you:
- Act in good faith
- Avoid privacy violations and data destruction
- Do not exploit vulnerabilities beyond what is necessary to demonstrate them
- Report vulnerabilities promptly
We commit to:
- Not pursue legal action against you
- Work with you to understand and resolve the issue
- Acknowledge your contribution (with your permission)
When using MeshGuard, we recommend:
- Rotate API keys regularly and after any suspected compromise
- Use environment variables for credentials — never commit them to code
- Enable audit logging to monitor agent activity
- Implement least-privilege policies for agent permissions
- Monitor the status page at status.meshguard.app
- Security issues: security@meshguard.app
- General support: support@meshguard.app
- Documentation: docs.meshguard.app
Thank you for helping keep MeshGuard secure.