Security fixes are provided for the latest released version of this CLI. Users are encouraged to upgrade to the most recent version to receive security updates.

| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |

We take security issues seriously and appreciate responsible disclosure.
If you believe you have identified a security vulnerability in this CLI, please report it privately by email.
Email: security@armis.com
When reporting, please include:
- CLI version
- Operating system and runtime environment
- Clear steps to reproduce or a proof of concept
- Expected versus actual behavior
- Assessment of potential impact

Please do not disclose security issues publicly until a fix or mitigation has been released.
This security policy applies to:
- The open-source CLI client in this repository
- CLI installation, configuration, and runtime behavior
- Packaging and distribution mechanisms

This policy does not apply to:
- Backend cloud services
- Proprietary APIs
- Hosted analysis engines or infrastructure
- Vulnerabilities affecting cloud-side logic or data

Security issues related to cloud services should be reported through the appropriate cloud security disclosure channel.
Reports are considered in scope when they demonstrate a clear, reproducible security impact affecting the CLI itself, including but not limited to:
- Credential exposure or misuse
- Unauthorized access or privilege escalation
- Local or remote code execution
- Tampering with CLI behavior or outputs

Reports consisting solely of automated scanner output without a demonstrable security impact may be considered out of scope.
After receiving a report, we will:
- Acknowledge receipt within a reasonable timeframe
- Investigate and assess the issue
- Develop a fix or mitigation as appropriate
- Coordinate disclosure once remediation is available

We request that reporters coordinate with us and refrain from public disclosure until a fix or mitigation has been released.
We support good-faith security research conducted in accordance with this policy. We will not pursue legal action against researchers who:
- Act in good faith
- Avoid harm to users or data
- Avoid service disruption
- Respect privacy and applicable laws

Our vulnerability disclosure approach aligns with widely accepted responsible disclosure practices, including those described in the Armis Vulnerability Disclosure Policy:
https://www.armis.com/legal-compliance/vulnerability-disclosure-policy/