Responsible disclosure
Found a vulnerability? Tell us.
Denpex takes reports seriously. We acknowledge valid submissions within one business day and aim to ship a fix within 30 days. We do not pursue legal action against good-faith security research that complies with this policy.
How to report
- Email security@denpex.com with reproduction steps, impact, and any proof-of-concept code.
- Or open a private security advisory on our GitHub: github.com/denpex/security.
- Our machine-readable security contact and policy are published at /.well-known/security.txt.
What to expect
- Acknowledgement within one business day.
- Triage and reproduction (usually within 5 business days).
- Fix shipped within 30 days for valid issues (or sooner for critical severity).
- Public credit in our Hall of Fame (coming soon) — only with your permission.
Scope
In scope: denpex.com, api.denpex.com, console.denpex.com, the agent (/agent/denpex.py), and our public GitHub repositories.
See the Trust Center for our SOC 2 status and security posture.