Skip to content
Responsible disclosure

Found a vulnerability? Tell us.

Denpex takes reports seriously. We acknowledge valid submissions within one business day and aim to ship a fix within 30 days. We do not pursue legal action against good-faith security research that complies with this policy.

How to report

What to expect

  1. Acknowledgement within one business day.
  2. Triage and reproduction (usually within 5 business days).
  3. Fix shipped within 30 days for valid issues (or sooner for critical severity).
  4. Public credit in our Hall of Fame (coming soon) — only with your permission.

Scope

In scope: denpex.com, api.denpex.com, console.denpex.com, the agent (/agent/denpex.py), and our public GitHub repositories.

See the Trust Center for our SOC 2 status and security posture.