
Security at Veln

We're a security product. We try to be honest about what protections we provide and which ones we don't — yet.

Agent and release security

Signed release binaries

Every Veln CLI release is signed with Sigstore cosign using GitHub OIDC (keyless signing). Each platform binary ships with its .sig and .pem next to it on the GitHub Release. You can verify any download with cosign verify-blob. Because the signature is keyless, the check needs more than the signature and certificate: pass the identity you expect the certificate to carry (--certificate-identity or --certificate-identity-regexp, matching the Veln release workflow) and --certificate-oidc-issuer https://token.actions.githubusercontent.com. cosign 2.x refuses to verify without them, and without the identity constraint a .sig/.pem pair minted by any other GitHub Actions workflow would look just as valid.

Releases are built and signed by GitHub Actions on tag push, and only after the same checks that run on every pull request (typecheck, lint, tests, govulncheck, staticcheck) have passed.

Optional binary self-check

The agent can verify its own SHA-256 hash on startup and on a recurring interval. This is opt-in via the VELN_EXPECTED_BINARY_SHA256 environment variable (VELN_EXPECTED_BINARY_RECHECK_INTERVAL sets the cadence). On a mismatch the agent shuts down via SIGTERM. When configured, this catches in-place tampering with the file on disk. It is a check against the on-disk file, so it does nothing unless the expected digest is set, and it does not help against someone who can rewrite both the binary and the environment the agent is launched with; keep the expected digest somewhere that person cannot reach.

Signed platform policy

The policy your agent enforces (block lists, cooling periods, ecosystem rules) is delivered as a JWT signed with RS256 by the Veln control plane. The agent verifies the signature against VELN_POLICY_PUBLIC_KEY before applying any policy. An unsigned or invalidly-signed policy is rejected and the agent falls back to its compiled-in defaults.
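An added example, not Veln's code, of the verify-then-apply rule the paragraph above describes: an RS256 JWT is checked against an RSA public key with only the Go standard library, and anything that fails (a tampered payload, "alg":"none", an unsigned blob, a token from a different key) falls back to compiled-in defaults. The Policy struct, its JSON field names, the default values, and the control-plane signing helper are assumptions made for the example; the page only says the policy is an RS256 JWT verified against VELN_POLICY_PUBLIC_KEY.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Policy carries the kinds of rules the page names; the JSON field names
// are an assumption for this example, not Veln's wire format.
type Policy struct {
	BlockedPackages    []string `json:"blocked_packages"`
	CoolingPeriodHours int      `json:"cooling_period_hours"`
	Ecosystems         []string `json:"ecosystems"`
}

// defaultPolicy stands in for the compiled-in defaults (values illustrative).
func defaultPolicy() Policy {
	return Policy{CoolingPeriodHours: 72, Ecosystems: []string{"npm", "pypi"}}
}

var (
	errBadPolicy = errors.New("policy rejected")
	b64          = base64.RawURLEncoding // JWT uses unpadded base64url
)

// newKeyPair generates a throwaway control-plane key for the demo.
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// signPolicy mints an RS256 JWT the way a control plane would: PKCS#1 v1.5
// over SHA-256 of "<header>.<payload>".
func signPolicy(p Policy, key *rsa.PrivateKey) (string, error) {
	payload, err := json.Marshal(p)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyPolicy pins alg to RS256 (rejecting "alg":"none" and an HMAC-with-the-
// public-key substitution) and checks the signature before it decodes a single
// byte of the payload into a Policy.
func verifyPolicy(token string, pub *rsa.PublicKey) (Policy, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Policy{}, fmt.Errorf("%w: malformed token", errBadPolicy)
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "RS256" {
		return Policy{}, fmt.Errorf("%w: alg must be RS256", errBadPolicy)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) == 0 {
		return Policy{}, fmt.Errorf("%w: missing signature", errBadPolicy)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return Policy{}, fmt.Errorf("%w: bad signature", errBadPolicy)
	}
	payload, err := b64.DecodeString(parts[1])
	var p Policy
	if err != nil || json.Unmarshal(payload, &p) != nil {
		return Policy{}, fmt.Errorf("%w: payload is not a policy", errBadPolicy)
	}
	return p, nil
}

// loadPolicy is the agent-side rule the page states: apply the policy only if
// it verifies, otherwise fall back to the compiled-in defaults.
func loadPolicy(token string, pub *rsa.PublicKey) (Policy, bool) {
	p, err := verifyPolicy(token, pub)
	if err != nil {
		return defaultPolicy(), false
	}
	return p, true
}

func main() {
	key, _ := newKeyPair()
	tok, _ := signPolicy(Policy{BlockedPackages: []string{"evil-pkg"}}, key)
	p, ok := loadPolicy(tok, &key.PublicKey)
	fmt.Println("signed policy applied:", ok, p.BlockedPackages)
	_, ok = loadPolicy(tok[:len(tok)-4]+"AAAA", &key.PublicKey) // corrupted signature
	fmt.Println("tampered policy applied:", ok)
}
```

Loading the PEM text of VELN_POLICY_PUBLIC_KEY into an *rsa.PublicKey (pem.Decode followed by x509.ParsePKIXPublicKey) is left out to keep the block short. The example checks only the signature; a verifier that also enforces an expiry or issued-at claim would additionally stop an old but validly signed policy from being replayed, which is a design point the page does not address.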

Note: the platform policy and the user's local ~/.veln/config.toml are different things. Local config is plain TOML read from disk and is not signed; the trust boundary there is the local machine, so anyone who can write to your home directory can change it.

TLS on outbound calls

Every HTTP client used by the agent enforces TLS certificate verification with a minimum of TLS 1.2. There is no InsecureSkipVerify path.
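What that guarantee looks like in Go, as an added example rather than Veln's own client code: a hardened client with a TLS 1.2 floor and certificate verification left on, beside the InsecureSkipVerify anti-pattern for contrast only, both pointed at a local test server presenting a self-signed certificate (the kind of certificate an on-path attacker could present). The function names and the forged response body are assumptions made here.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// newAgentClient is the shape of client the page describes: certificate
// verification on, TLS 1.2 floor, no InsecureSkipVerify.
func newAgentClient() *http.Client {
	return &http.Client{
		Timeout: 15 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				MinVersion: tls.VersionTLS12,
				// InsecureSkipVerify stays false (zero value): the system roots decide.
			},
		},
	}
}

// newInsecureClient is the anti-pattern, present only for contrast: it accepts
// any certificate, so an on-path attacker can serve the agent a forged endpoint.
func newInsecureClient() *http.Client {
	return &http.Client{
		Timeout: 15 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // never ship this
		},
	}
}

// fetch performs a GET and returns the body, or the TLS/transport error.
func fetch(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// compareAgainstUntrustedCert stands up a loopback HTTPS server with a
// self-signed certificate and reports whether each client accepted it.
// The hardened client must refuse; the insecure one will not.
func compareAgainstUntrustedCert() (hardenedAccepted, insecureAccepted bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"policy":"forged"}`) // constructed response standing in for an attacker's endpoint
	}))
	defer srv.Close()
	_, err := fetch(newAgentClient(), srv.URL)
	hardenedAccepted = err == nil
	_, err = fetch(newInsecureClient(), srv.URL)
	insecureAccepted = err == nil
	return hardenedAccepted, insecureAccepted
}

func main() {
	h, i := compareAgainstUntrustedCert()
	fmt.Printf("hardened client accepted untrusted cert: %v\n", h)
	fmt.Printf("insecure client accepted untrusted cert: %v\n", i)
}
```

The hardened client fails the handshake with an "unknown authority" error before any bytes of the forged body are read; that failure, not a successful response, is the behaviour to look for when auditing an outbound client.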

Data & privacy

What leaves your machine: when the agent is connected to the Veln Console, install verdicts (package name, ecosystem, version, result) and your machine identifier (an opaque ID, not your hostname). If you opt into Veln Consensus, the hash of the package you observed is also shared so the network can cross-check binaries.

What never leaves your machine: your source code, your project structure or dependency tree, file contents from analyzed packages, environment variables, and your bearer tokens.

Telemetry can be suppressed entirely with inspection mode (veln run audit-only against local policy without contacting the platform). When inspection mode is active, the agent prints a one-line warning so you know.

Vulnerability disclosure

If you find a security issue in Veln, email security@veln.sh. We aim to acknowledge reports promptly and will coordinate a fix and disclosure timeline with you. We do not currently run a bug-bounty program but we review every report.

Please don't publicly disclose an issue before we've had a chance to ship a fix. We'll credit you in release notes if you want.

What we don't have yet

We'd rather tell you what we're missing than imply otherwise. The following are on the roadmap but not in place today:

  • SOC 2 Type II audit
  • Customer-facing DPA / GDPR addendum
  • Bug bounty program
  • OS-keystore-backed local trust database
  • Process sandboxing of the agent (seccomp / sandbox_init / Job Object)

If any of these are blockers for your purchase, write to hello@veln.sh and tell us — that helps us prioritize.

Report a vulnerability

Send details to security@veln.sh. Read our disclosure policy.