| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in SCOUT, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
- Email: security@scout.dev (or create a private GitHub advisory)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix timeline: Depends on severity
- Critical: 24-48 hours
- High: 1 week
- Medium: 2 weeks
- Low: Next release
In-scope vulnerabilities:
- Authentication bypass
- Authorization bypass (tenant isolation escape)
- Injection attacks (SQL, command, prompt)
- Sensitive data leakage
- Denial of service via crafted input
- Cryptographic weaknesses
Out-of-scope:
- Issues in dependencies (report upstream)
- Issues requiring physical access to the server
- Issues in development-only features
- API keys hashed with SHA-256 + salt
- Constant-time comparison via
hmac.compare_digest - No plaintext key storage
- Keys can have expiration dates
- Every service method is tenant-scoped
- Cross-tenant access returns 404 (not 403)
- No information leakage between tenants
- Pydantic models for all API inputs
- Tool output size limits (configurable)
- Message history truncation
- Sensitive data scanning in memory store
- Error messages sanitized in production
- No file paths, API keys, or internal details in responses
- Structured logging (no
print()statements)
- Per-tenant request limits (per-minute, per-hour)
- Concurrent request limits
- Configurable per deployment
See the production readiness gates in README.md for the full list of security measures applied.
SCOUT uses:
- SHA-256 for API key hashing
- HMAC for constant-time comparison
- WAL mode for SQLite concurrent access
busy_timeoutfor SQLite write contention
No custom cryptography is implemented. All crypto uses Python standard library.