Security

We eat our own dogfood.

Argitron is built to run governance for B2B companies. We run it on ourselves first. This page is a public summary of the controls we operate.

Live status badge sourced from /trust. We publish all production incidents within 24 hours.

Signed SBOM published with every release. CycloneDX + SPDX formats. Available from the GitHub release page.

Annual minimum, quarterly aspirational. Executive 1-pager available on request. Full report under NDA.

Email security@argitron.com. PGP key on the trust page. We acknowledge in 1 business day, fix critical within 7 days.

Public CVE-history page coming soon: every CVE filed against Argitron + remediation timeline. Honest defect record.

RFC 9116 compliant. Hosted at /.well-known/security.txt.

Free under 25 assets, forever. No credit card. No sales call. Production use OK.