// security
Security is infrastructure, not a feature
Forge combines audited controls, encrypted infrastructure, and exportable evidence so engineering teams can ship without slowing security reviews.
Security practices
Encryption model
TLS 1.3 in transit, AES-256 at rest, and envelope encryption for secrets stored in the control plane.
Compliance architecture
Continuous monitoring, evidence collection, and audit-ready reporting designed to support SOC 2 Type II and ISO 27001 review programmes.
Network architecture
Private service authentication, segmented production networks, and traffic controls at the edge gateway.
Vulnerability disclosure programme
Security reports are routed to a dedicated inbox, triaged by severity, and handled through coordinated disclosure.
Report a vulnerability
If you discover a security vulnerability, please email security@REPLACE-WITH-YOUR-DOMAIN.example.com. Do not open a public GitHub issue. We acknowledge critical reports within one business day and coordinate remediation directly with the reporter.
PGP fingerprint: [CUSTOMISE: paste your real PGP fingerprint or remove this block]