DriftFence keeps the launch product local by default.
The launch product is a local CLI and GitHub Action. It is designed to compare repo-stored contracts against test-generated traces without requiring a hosted DriftFence control plane.
What the launch product does and does not do.
- Runs locally in the repo and CI environment.
- Stores protected contracts in the repo by default.
- Does not require hosted trace collection to operate.
- Does not require production traffic instrumentation.
Report vulnerabilities privately.
If you believe you have found a security issue in DriftFence, use GitHub private vulnerability reporting so the report is not public while it is being reviewed.
Use public GitHub issues for non-sensitive problems.
Public bugs, documentation problems, install issues, and general product questions should go through GitHub issues so they are visible and easy to track.
Current launch-stage response model.
DriftFence is still in the early launch phase. The practical response path today is:
- Private vulnerability reports through GitHub advisories.
- Public bugs and docs issues through GitHub issues.
- Fit-review and pilot conversations through the workflow fit-review page.