Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please report vulnerabilities to:

Email: psirt@fortinet.com
Fortinet PSIRT: https://www.fortiguard.com/psirt-policy

What to Include

When reporting a vulnerability, please include:

Description of the vulnerability
Steps to reproduce
Potential impact
Suggested fix (if any)

Response Timeline

We will acknowledge receipt within 3 business days
We will provide an initial assessment within 10 business days
We will work with you to understand and resolve the issue

Scope

This policy applies to the code in this repository. The scanning tools included in the Docker image (lacework/codesec) are maintained separately — please report vulnerabilities in those tools through the same Fortinet PSIRT process.

Test Fixtures

The test/sample-repo/ directory contains intentionally insecure code used to validate the scanner's detection capabilities. These are not real credentials or vulnerabilities.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

What to Include

Response Timeline

Scope

Test Fixtures

There aren't any published security advisories

Security: lacework/forticnapp-code-security-azuredevops

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

What to Include

Response Timeline

Scope

Test Fixtures

There aren't any published security advisories