Security Policy Reporting a vulnerability Please email security@devblac.com (or open a private GitHub security advisory) with a clear description, steps to reproduce, and potential impact. Do not file public issues for vulnerabilities. We aim to acknowledge reports within 3 business days. Supported versions main branch and the latest tagged release. Scope watch-tower CLI and its packaged artifacts. Third-party dependencies should be reported upstream.