This project is a local-first CLI. Security fixes are provided for the latest released version only.

If you discover a security issue in Tien:

• Prefer GitHub Security Advisories (private) for coordinated disclosure.
• Include steps to reproduce and any relevant logs.

Do not open a public issue for sensitive findings.

Tien performs passive checks only (GET/HEAD for URLs, static analysis for repos). You are responsible for:

• Scanning only targets you own or are authorized to assess.
• Complying with applicable laws, policies, and program rules.

Tien does not attempt exploitation or active testing.