Acceptable Use Policy
Last updated: 2026-07-01
This policy defines what you may and may not do with ShipGuard and the agenticcli.dev cloud scan API. Using the service means you agree to these rules.
Permitted uses
- Running the ShipGuard CLI against your own codebases or those of organisations you have authorisation to work with.
- Using the cloud scan API within your subscribed plan limits to integrate security gating into your own CI/CD pipelines and pre-push hooks.
- Reviewing scan output to understand and remediate security findings in your own projects.
- Sharing scan results (JSON output) with your own team or security reviewers.
Prohibited uses
- Rate-limit and quota abuse. Sending requests to the cloud API at a rate that exceeds your plan quota, or using automated tools to circumvent scan limits.
- Reselling or redistributing the rules corpus. The security rules that power ShipGuard are our intellectual property. You may not extract, package, or redistribute them as a standalone product or integrate them into a competing security tool.
- Reverse-engineering the service. Decompiling, disassembling, or otherwise attempting to derive the source code or rule logic of the ShipGuard service (beyond the open-source CLI portions).
- Unauthorised scanning. Scanning codebases you do not own or have explicit authorisation to test.
- Scraping and bulk extraction. Systematically extracting data from the API or web interface beyond normal product use.
- Illegal use. Using the service in violation of any applicable law, including data protection laws.
API-key security responsibilities
If your account is issued an API key for the cloud scan API, you are responsible for keeping it secret. In particular:
- Do not commit API keys to source control — use environment variables or secrets managers.
- Do not share API keys publicly or with parties outside your authorised team.
- If you believe a key has been leaked, rotate it immediately from your account settings and notify us at [email protected] so we can monitor for misuse.
You are responsible for all activity that occurs under your API key. If a key is compromised and your account is used to abuse the service, we may suspend your account pending investigation.
Enforcement
Violations of this policy may result in warnings, temporary suspension, or permanent termination of your account, at our discretion and without prior notice where the violation is serious. We will attempt to contact you before taking action where practical.
Questions or concerns? Email [email protected].