Security
See the security docs for FMD Android and FMD Server.
We run static analysis with SonarQube Cloud, thanks to its free tier. It checks for security issues and clean code.
FMD also supports Reproducible Builds.
Reporting vulnerabilities
If you discover a security vulnerability in FMD, please contact us to organise a coordinated disclosure.
We also have a security.txt.
Signature verification
See this guide for how to verify the signatures of FMD's release artifacts.
If you are interested in the processes behind how FMD manages its signing keys, see these articles.