How to report
Email [email protected] and include the URL, steps, impact, and non-sensitive evidence needed to understand the issue.
Please avoid screenshots or logs containing secrets, customer data, credentials, or private personal data.
Security
Responsible disclosure for the current public surface.
If you believe you found a security issue in Kizaru's public surface, contact [email protected] with a concise, non-destructive report.
Public scope is intentionally narrow today: the current public scope is the static landing and public trust pages. The /scan backend is not publicly exposed.
Responsible testing
Do not run destructive tests, high-volume scans, exploitation, credential attacks, persistence tests, or attempts to access private data.
Do not exploit a finding beyond the minimum needed to show that a public static page behavior is affected.
Current product boundary
Kizaru is defensive QA monitoring software. It is not a public scanning service and the monitoring backend remains private.
Reports about the static site are welcome; requests to test private infrastructure require explicit written approval first.