Project routing
Give each product project its own incoming address so reports land with the correct asset history.
Project-specific inboxes, sender allowlists, approved repositories, remote-scan controls, and manual or automatic kickoff convert incoming reports into structured investigation without expanding scope silently.
A report often arrives in one system, becomes a ticket in another, and turns into ad hoc testing somewhere else. ZeroQuarry keeps the original claim and the resulting assessment inside the owning product history.
Give each product project its own incoming address so reports land with the correct asset history.
Process exact researchers, partner addresses, or trusted domains instead of creating an open public trigger.
List the GitHub repositories the triage model may select for each project.
Keep live-target testing disabled unless that project has an explicit and stable authorization boundary.
Start with automatic dispatch off so operators can inspect proposed target, scan type, and notes.
Validate resulting findings, record the decision, route ownership, and create a controlled share or disclosure when appropriate.
ZeroQuarry automates investigation and coordination. Your team keeps control of authorization, risk ownership, and production changes.
Forward the report to the assigned project inbox from an allowed sender.
The triage model identifies target, scan type, and useful notes inside the configured boundary.
An operator approves the work or the project starts it automatically after the rules are trusted.
Validate findings, route remediation, and track the external communication when needed.
Useful coverage should lead to faster decisions, cleaner remediation, and evidence that holds up when someone asks for it later.
Reduce the manual translation between an external claim and a scoped reproduction plan.
Constrain what an untrusted email can cause the platform to investigate.
Keep intake, findings, decisions, remediation, and disclosure with the product that owns the risk.
These are the product boundaries, controls, and operating details teams usually want to understand first.
Only messages routed to an active project address and matching an exact sender or allowed domain are processed.
The model can only resolve repositories listed for that project. Reports that cannot map safely are surfaced for review instead of expanding the boundary.
Begin with exact sender addresses and one approved repository. Matching reports start after those checks, so keep the boundary narrow and expand it only after target matching behaves as expected.
Use the free trial on your own product, then decide whether the resulting security work is useful enough to keep.