If you discover a security vulnerability, please report it through GitHub Issues.

For sensitive security matters, please prefix your issue title with [SECURITY].

We will:

• Acknowledge receipt within 48 hours
• Provide an initial assessment within 7 days
• Work with you to understand and resolve the issue

SwiftStaticAnalysis implements several security measures:

• Uses Swift's memory-safe constructs throughout
• Memory-mapped I/O prevents loading entire large files into memory
• Arena allocation provides controlled memory management

• Static analysis only - no dynamic code evaluation
• Does not execute or compile analyzed code
• Safe to run on untrusted codebases

• Read-only analysis by default
• No network connectivity required
• Output only to explicitly specified locations

• No collection of telemetry or analytics
• No external service dependencies
• All processing happens locally

When using SwiftStaticAnalysis:

1. Run in sandboxed environments for untrusted code
2. Review output before taking automated actions
3. Keep updated to receive security fixes
4. Report issues promptly through proper channels