Do not open a public issue. Email security@sumikkolab.com with:
- Description of the vulnerability
- Steps to reproduce
- Affected version (shown in Settings > About or
Dependa.exe version)
Acknowledgment within 72 hours. Critical issues are prioritized.
- Dependa application (GUI and CLI)
- MSIX package distributed via Microsoft Store
- Bundled data files (advisories, license definitions)
- dependa.sumikkolab.com website
Third-party services (OSV API, PyPI, npm registry, NuGet API) are out of scope.
| Version | Supported |
|---|---|
| 1.0.x | Yes |