Skip to content

Security: Gusto/gusto-cli

Security

SECURITY.md

Security

If you find a security issue in the Gusto CLI, please do not open a public issue. Email security@gusto.com with a description and reproduction steps. We will acknowledge within two business days.

Scope

In scope:

  • The CLI binary and bundled skills
  • The install script at cli.gusto.com/install.sh
  • The OAuth flows the CLI participates in (DCR, PKCE)

Out of scope:

  • Gusto product UI bugs (report at gusto.com/security)
  • Issues in upstream dependencies without a Gusto-specific exploit path

There aren't any published security advisories