security.txt Auditor
Pricing
from $4.90 / 1,000 domain auditeds
security.txt Auditor
Audit presence and RFC-style validity of public security disclosure files.
Pricing
from $4.90 / 1,000 domain auditeds
Rating
0.0
(0)
Developer
junipr
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
2 days ago
Last modified
Categories
Share
What It Does
Audit presence and RFC-style validity of public security disclosure files.
This local package is part of the Junipr Apify actors 171-200 premium build for ChatGPT review.
What It Does Not Do
- It does not call live Apify APIs.
- It does not publish, upload Store assets, create public tasks, or configure live PPE.
- It does not claim publish readiness.
- It does not make unbounded network calls in the local fixture path.
Input Fields
Seed shape: domains or URLs, maxDomains, timeoutMs, strictMode, includeSummary
The tiny fixture is available at examples/input.tiny.json and mirrored at fixtures/input.tiny.json for the local runner.
Output Fields
domaincheckedUrlfoundisValidcontactsexpirescanonicalissuesseverity
Pricing / PPE Events
Pricing is local configuration only.
- Model: PPE
- Status: LOCAL_CONFIG_ONLY_NOT_LIVE
- Paid output event: domain-audited
- Pass-through usage: OFF by default. Browser, proxy, and high-volume external request modes are not enabled in this local build.
Public Task Examples
Check security.txt expiry for a domain
- Search intent: check security.txt expiry for a domain
- Specific input: Fixture input shaped for check security.txt expiry for a domain.
- Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
- Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.
Verify vulnerability disclosure contacts
- Search intent: verify vulnerability disclosure contacts
- Specific input: Fixture input shaped for verify vulnerability disclosure contacts.
- Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
- Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.
Audit canonical security.txt location
- Search intent: audit canonical security.txt location
- Specific input: Fixture input shaped for audit canonical security.txt location.
- Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
- Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.
Find missing disclosure metadata for a client site
- Search intent: find missing disclosure metadata for a client site
- Specific input: Fixture input shaped for find missing disclosure metadata for a client site.
- Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
- Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.
Review bug-bounty readiness before public launch
- Search intent: review bug-bounty readiness before public launch
- Specific input: Fixture input shaped for review bug-bounty readiness before public launch.
- Expected output: Dataset rows with domain, checkedUrl, found, isValid plus local KVS report evidence.
- Why run it: AppSec teams, agencies, bug-bounty/program managers would run this to get a bounded local proof before any live Apify review or production use.
Tests
- Actor-specific fixture tests live in
test/security-txt-auditor.test.ts. - Node-based local suites validate dataset schema conformance, output samples, local smoke runs, and PPE guard behavior.
FAQ
Is this live on Apify?
No. This is a local package for ChatGPT review only.
Is it publish-ready?
No. It needs later live tiny-run validation and console configuration before any publication decision.