Merge pull request #1099 from slammingprogramming/docs-overhaul

Docs overhaul

.github/ISSUE_TEMPLATE/enhancement-request.yml

@@ -0,0 +1,33 @@
+name: Enhancement Request
+description: Propose an improvement to an existing feature or UX behavior.
+labels: ['enhancement ♻️']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    options:
+      - label: I have searched existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What is the enhancement?
+    description: Describe the change or optimization you’d like to see to an existing feature.
+    placeholder: e.g. Make scan intervals configurable from UI instead of just `app.conf`
+    required: true
+- type: textarea
+  attributes:
+    label: What problem does this solve or improve?
+    description: Describe why this change would improve user experience or project maintainability.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or examples
+    description: |
+      Screenshots? Comparisons? Reference repos?
+    required: false
+- type: checkboxes
+  attributes:
+    label: Are you willing to help implement this?
+    options:
+      - label: "Yes"
+      - label: "No"

.github/ISSUE_TEMPLATE/refactor-codequality-request.yml

@@ -0,0 +1,37 @@
+name: Refactor / Code Quality Request ♻️
+description: Suggest improvements to code structure, style, or maintainability.
+labels: ['enhancement ♻️']
+body:
+- type: checkboxes
+  attributes:
+    label: Is there an existing issue for this?
+    description: Please check if a similar request already exists.
+    options:
+      - label: I have searched the existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: What part of the code needs refactoring or improvement?
+    description: Specify files, modules, or components.
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the proposed changes
+    description: Explain the refactoring or quality improvements you suggest.
+    required: true
+- type: textarea
+  attributes:
+    label: Why is this improvement needed?
+    description: Benefits such as maintainability, readability, performance, or scalability.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or examples
+    description: Any relevant links, references, or related issues.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can you help implement this change?
+    options:
+      - label: Yes
+      - label: No

.github/ISSUE_TEMPLATE/security-report.yml

@@ -0,0 +1,28 @@
+name: Security Report 🔐
+description: Report a security vulnerability or concern privately.
+labels: ['security 🔐']
+body:
+- type: markdown
+  attributes:
+    value: |
+      **Important:** For security reasons, please do **not** post sensitive security issues publicly in the issue tracker.
+      Instead, send details to our security contact email: [jokob@duck.com](mailto:jokob@duck.com).
+      
+      We appreciate your responsible disclosure.
+- type: textarea
+  attributes:
+    label: Brief summary (non-sensitive)
+    description: Provide a non-sensitive overview of the security issue.
+    required: true
+- type: textarea
+  attributes:
+    label: Additional context or references
+    description: Any other information or related reports.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Have you sent this report via email to the security contact?
+    options:
+      - label: Yes, I have sent the details to jokob@duck.com
+        required: true
+      - label: Not yet, I will send it after opening this issue

.github/ISSUE_TEMPLATE/translation-request.yml

@@ -0,0 +1,36 @@
+name: Translation / Localization Request 🌐
+description: Suggest adding or improving translations or localization support.
+labels: ['enhancement 🌐']
+body:
+- type: checkboxes
+  attributes:
+    label: Have you checked for existing translation efforts or related issues?
+    options:
+      - label: I have searched existing open and closed issues
+        required: true
+- type: textarea
+  attributes:
+    label: Language(s) involved
+    description: Specify the language(s) this request pertains to.
+    required: true
+- type: textarea
+  attributes:
+    label: Describe the translation or localization improvement
+    description: Examples include adding new language support, fixing translation errors, or improving formatting.
+    required: true
+- type: textarea
+  attributes:
+    label: Why is this important for the project or users?
+    description: Describe the benefits or target audience.
+    required: false
+- type: textarea
+  attributes:
+    label: Additional context or references
+    description: Link to files, previous translation PRs, or external resources.
+    required: false
+- type: checkboxes
+  attributes:
+    label: Can you help with translation or review?
+    options:
+      - label: Yes
+      - label: No

.github/PULL_REQUEST_TEMPLATE/code-pr-template.md

@@ -0,0 +1,53 @@
+## 📌 Description
+
+<!-- Provide a brief description of the changes you're introducing. Be clear and concise. -->
+
+---
+
+## 🔍 Related Issues
+
+<!-- Reference any related issues (e.g., closes #123, fixes #456) -->
+
+---
+
+## 📋 Type of Change
+
+Please check the relevant option(s):
+
+- [ ] 🐛 Bug fix
+- [ ] ✨ New feature
+- [ ] ♻️ Code refactor
+- [ ] 📚 Documentation update
+- [ ] 🧪 Test addition or change
+- [ ] 🔧 Build/config update
+- [ ] 🚀 Performance improvement
+- [ ] 🔨 CI/CD or automation
+- [ ] 🧹 Cleanup / chore
+
+---
+
+## 📷 Screenshots or Logs (if applicable)
+
+<!-- Add screenshots, terminal output, logs, or anything that helps understand your change -->
+
+---
+
+## 🧪 Testing Steps
+
+<!-- Describe how the change was tested. Manual steps, test cases, or automated test runs -->
+
+---
+
+## ✅ Checklist
+
+- [ ] I have read the [Contribution Guidelines](https://github.com/jokob-sk/NetAlertX/blob/main/docs/CONTRIBUTING.md)
+- [ ] I have tested my changes locally
+- [ ] I have updated relevant documentation (if applicable)
+- [ ] I have verified my changes do not break existing behavior
+- [ ] I am willing to respond to requested changes and feedback
+
+---
+
+## 🙋 Additional Notes
+
+<!-- Anything else you want reviewers to know? Future follow-ups? Questions? -->

.github/PULL_REQUEST_TEMPLATE/docs-pr-template.md

@@ -0,0 +1,36 @@
+## 📚 Documentation Update
+
+<!-- Describe the purpose of this PR in one or two sentences. Example: "This PR updates the contributor guidelines by merging frontend and backend sections." -->
+
+---
+
+## 📝 What’s Changed?
+
+<!-- Briefly outline what parts of the documentation were added, changed, removed, or reorganized -->
+
+- Combined frontend and backend development guidelines into a single file
+- Updated `mkdocs.yml` to reflect new structure
+- Added clarification on contribution process
+- Fixed outdated links in sidebar
+
+---
+
+## 🔍 Related Issue(s)
+
+<!-- Link to related issues, discussions, or context (e.g., closes #123) -->
+
+---
+
+## ✅ Checklist
+
+- [ ] I followed the formatting/style of existing documentation
+- [ ] I updated `mkdocs.yml` if necessary
+- [ ] I verified links and references still work
+- [ ] I checked that my changes improve clarity, structure, or accuracy
+- [ ] I'm open to feedback and suggestions
+
+---
+
+## 🙋 Additional Notes
+
+<!-- Optional: Include anything you want reviewers to be aware of -->

CODE_OF_CONDUCT.md

@@ -0,0 +1,137 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at jokob@duck.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Ethical Use Clause (Project-Specific)
+
+While NetAlertX is a tool designed to empower users with greater insight into their own networks, we expect and encourage all users to use this software **ethically and legally**.
+
+- Do not use this software to scan or monitor networks without **explicit authorization**.
+- Respect privacy, consent, and data protection laws applicable in your jurisdiction.
+- Any use of NetAlertX for malicious surveillance, stalking, or unauthorized access is explicitly discouraged and may be grounds for removal from the community and revocation of support.
+
+We reserve the right to take appropriate action to uphold the ethical integrity of this project.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the
+[Contributor Covenant](https://www.contributor-covenant.org/), version 2.1,
+available at
+<https://www.contributor-covenant.org/version/2/1/code_of_conduct/>.
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/inclusion).
+
+For answers to common questions about this code of conduct, see the FAQ at
+<https://www.contributor-covenant.org/faq/>. Translations are available at
+<https://www.contributor-covenant.org/translations/>.

CONTRIBUTING

@@ -1,14 +1,53 @@
-# Contributing to this project
+# 🤝 Contributing to NetAlertX
 
-## Issues, bugs, feature requests
+First off, **thank you** for taking the time to contribute! NetAlertX is built and improved with the help of passionate people like you.
 
-The issue tracker is the preferred channel for bug reports, features requests and submitting pull requests.
+---
 
-Before submitting a new issue please spend a couple of minutes on research:
+## 📂 Issues, Bugs, and Feature Requests
 
-* Check [🛑 Common issues](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues) 
-* Check [💡 Closed issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed) if a similar issue was solved in the past.
+Please use the [GitHub Issue Tracker](https://github.com/jokob-sk/NetAlertX/issues) for:
+- Bug reports 🐞
+- Feature requests 💡
+- Documentation feedback 📖
 
-## Pull-requests (PRs)
+Before opening a new issue:
+- 🛑 [Check Common Issues & Debug Tips](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEBUG_TIPS.md#common-issues)
+- 🔍 [Search Closed Issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed)
 
-If you submit a PR please do check that your changes are backward compatible with existing installations. Existing features should be always preserved.
+---
+
+## 🚀 Submitting Pull Requests (PRs)
+
+We welcome PRs to improve the code, docs, or UI!
+
+Please:
+- Ensure **backward compatibility** with existing installations
+- Preserve existing features unless a breaking change is intentional and discussed
+- Follow existing **code style and structure**
+- Provide a clear title and description for your PR
+- If relevant, add or update tests and documentation
+- For plugins, refer to the [Plugin Dev Guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS_DEV.md)
+
+---
+
+## 🌟 First-Time Contributors
+
+New to open source? Check out these resources:
+- [How to Fork and Submit a PR](https://opensource.guide/how-to-contribute/)
+- Ask questions or get support in our [Discord](https://discord.gg/NczTUTWyRr)
+
+---
+
+## 🔐 Code of Conduct
+
+By participating, you agree to follow our [Code of Conduct](./CODE_OF_CONDUCT.md), which ensures a respectful and welcoming community.
+
+---
+
+## 📬 Contact
+
+If you have more in-depth questions or want to discuss contributing in other ways, feel free to reach out at:  
+📧 [jokob@duck.com](mailto:jokob@duck.com?subject=NetAlertX%20Contribution)
+
+We appreciate every contribution, big or small! 💙

README.md

@@ -8,6 +8,39 @@
 
 Get visibility of what's going on on your WIFI/LAN network and enable presence detection of important devices. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugin](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT).
 
+## 📋 Table of Contents
+
+- [Features](#-features)
+- [Documentation](#-documentation)
+- [Quick Start](#-quick-start)
+- [Alternative Apps](#-other-alternative-apps)
+- [Security & Privacy](#-security--privacy)
+- [FAQ](#-faq)
+- [Known Issues](#-known-issues)
+- [Donations](#-donations)
+- [Contributors](#-contributors)
+- [Translations](#-translations)
+- [License](#license)
+
+
+## 🚀 Quick Start
+
+Start NetAlertX in seconds with Docker:
+
+```bash
+docker run -d \
+  --name=netalertx \
+  -p 20211:20211 \
+  -v /your/config/path:/config \
+  jokobsk/netalertx
+```
+
+Need help configuring it? Check the [usage guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/README.md) or [full documentation](https://jokob-sk.github.io/NetAlertX/).
+
+For Home Assistant users: [Click here to add NetAlertX](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons)
+
+For other install methods, check the [installation docs](#-documentation)
+
 
 | [📑 Docker guide](https://github.com/jokob-sk/NetAlertX/blob/main/dockerfiles/README.md) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://jokob-sk.github.io/NetAlertX/) | [🔌 Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) | [🤖 Ask AI](https://gurubase.io/g/netalertx)
 |----------------------| ----------------------|  ----------------------| ----------------------| ----------------------| 
@@ -30,7 +63,7 @@ Get visibility of what's going on on your WIFI/LAN network and enable presence d
 
 ### Scanners
 
-The app scans your network for **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**,  **Pi-hole - DB import**,  **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) docs for a full lits of avaliable plugins. 
+The app scans your network for **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**,  **Pi-hole - DB import**,  **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://github.com/jokob-sk/NetAlertX/tree/main/docs/PLUGINS.md#readme) docs for a full list of avaliable plugins. 
 
 ### Notification gateways
 
@@ -60,6 +93,45 @@ Supported browsers: Chrome, Firefox
 - [[Development] Custom Plugins](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS_DEV.md)
 
 
+## 🔐 Security & Privacy
+
+NetAlertX scans your local network and can store metadata about connected devices. By default, all data is stored **locally**. No information is sent to external services unless you explicitly configure notifications or integrations.
+
+To further secure your installation:
+- Run it behind a reverse proxy with authentication
+- Use firewalls to restrict access to the web UI
+- Regularly update to the latest version for security patches
+
+See [Security Best Practices](https://github.com/jokob-sk/NetAlertX/wiki/Security) for more details.
+
+
+## ❓ FAQ
+
+**Q: Why don’t I see any devices?**  
+A: Ensure the container has proper network access (e.g., use `--network host` on Linux). Also check that your scan method is properly configured in the UI.
+
+**Q: Does this work on Wi-Fi-only devices like Raspberry Pi?**  
+A: Yes, but some scanners (e.g. ARP) work best on Ethernet. For Wi-Fi, try SNMP, DHCP, or Pi-hole import.
+
+**Q: Will this send any data to the internet?**  
+A: No. All scans and data remain local unless you set up cloud-based notifications.
+
+**Q: Can I use this without Docker?**  
+A: Yes! You can install it bare-metal. See the [bare metal install guide](https://github.com/jokob-sk/NetAlertX/blob/main/docs/HW_INSTALL.md).
+
+**Q: Where is the data stored?**  
+A: In the `/config` volume, mapped in Docker. Backup this folder regularly.
+
+
+## 🐞 Known Issues
+
+- Some scanners (e.g. ARP) may not detect devices on different subnets.
+- Wi-Fi-only networks may require alternate scanners for accurate detection.
+- Notification throttling may be needed for large networks to prevent spam.
+- On some systems, elevated permissions (like `CAP_NET_RAW`) may be needed for low-level scanning.
+
+Check the [GitHub Issues](https://github.com/jokob-sk/NetAlertX/issues) for the latest bug reports and solutions.
+
 ## 📃 Everything else
 <!--- --------------------------------------------------------------------- --->
 
@@ -111,7 +183,6 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out
 
 ### License
 >  GPL 3.0 | [Read more here](LICENSE.txt) | Source of the [animated GIF (Loading Animation)](https://commons.wikimedia.org/wiki/File:Loading_Animation.gif) | Source of the [selfhosted Fonts](https://github.com/adobe-fonts/source-sans)
-  
 
 
 <!--- --------------------------------------------------------------------- --->
@@ -131,4 +202,3 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out
 [main_dark]:                /docs/img/1_devices_dark.jpg                  "Main screen dark"
 [maintain_dark]:            /docs/img/5_maintain.jpg                      "Maintain screen dark"
 [follow_star]:              /docs/img/Follow_Releases_and_Star.gif        "Follow and Star"
-

docs/SECURITY.md

@@ -1,29 +1,102 @@
-# Securing your NetAlertX instance
+## 🧭 Responsibility Disclaimer
 
-NetAlertX is an execution framework. In order to run scanners and plugins, the application has to have access to privileged system resources. It is not recommended to expose NetAlertX to the internet without taking basic security precautions. It is highly recommended to use a VPN to access the application and to set up a password for the web interface before exposing the UI online.
+NetAlertX provides powerful tools for network scanning, presence detection, and automation. However, **it is up to you—the deployer—to ensure that your instance is properly secured**.
 
-## VPN
+This includes (but is not limited to):
+- Controlling who has access to the UI and API
+- Following network and container security best practices
+- Running NetAlertX only on networks where you have legal authorization
+- Keeping your deployment up to date with the latest patches
 
-VPNs allow you to securely access your NetAlertX instance from remote locations without exposing it to the internet. A VPN encrypts your connection and prevents unauthorized access.
+> NetAlertX is not responsible for misuse, misconfiguration, or unsecure deployments. Always test and secure your setup before exposing it to the outside world.
 
-### Tailscale as an Alternative
+# 🔐 Securing Your NetAlertX Instance
 
-If setting up a traditional VPN is not ideal, you can use [Tailscale](https://tailscale.com/) as an easy alternative. Tailscale creates a secure, encrypted connection between your devices without complex configuration. Since NetAlertX is designed to be run on private networks, Tailscale can provide a simple way to securely connect to your instance from anywhere.
+NetAlertX is a powerful network scanning and automation framework. With that power comes responsibility. **It is your responsibility to secure your deployment**, especially if you're running it outside a trusted local environment.
 
-## Setting a Password
+---
 
-By default, NetAlertX does not enforce authentication, but it is highly recommended to set a password before exposing the web interface.
+## ⚠️ TL;DR – Key Security Recommendations
 
-Configure `SETPWD_enable_password` to `true` and enter your password in `SETPWD_password`. When enabled, a login dialog is displayed. If facing issues, you can always disable the login by setting `SETPWD_enable_password=false` in your `app.conf` file.
+- ✅ **NEVER expose NetAlertX directly to the internet without protection**
+- ✅ Use a **VPN or Tailscale** to access remotely
+- ✅ Enable **password protection** for the web UI
+- ✅ Harden your container environment (e.g., no unnecessary privileges)
+- ✅ Use **firewalls and IP whitelisting**
+- ✅ Keep the software **updated**
+- ✅ Limit the scope of **plugins and API keys**
 
-- The default password is `123456`.  
-- Passwords are stored as SHA256 hashes for security.  
+---
 
-## Additional Security Measures
+## 🔗 Access Control with VPN (or Tailscale)
 
-- **Firewall Rules**: Ensure that only trusted IPs can access the NetAlertX instance.  
-- **Limit Plugin Permissions**: Only enable the plugins necessary for your setup.  
-- **Keep Software Updated**: Regularly update NetAlertX to receive the latest security patches.  
-- **Use Read-Only API Keys**: If exposing APIs, limit privileges with read-only keys where applicable.  
+NetAlertX is designed to be run on **private LANs**, not the open internet.
 
-By following these security recommendations, you can help protect your NetAlertX instance from unauthorized access and potential misuse.
+**Recommended**: Use a VPN to access NetAlertX from remote locations.
+
+### ✅ Tailscale (Easy VPN Alternative)
+
+Tailscale sets up a private mesh network between your devices. It's fast to configure and ideal for NetAlertX.  
+👉 [Get started with Tailscale](https://tailscale.com/)
+
+---
+
+## 🔑 Web UI Password Protection
+
+By default, NetAlertX does **not** require login. Before exposing the UI in any way:
+
+1. Enable password protection:
+   ```ini
+   SETPWD_enable_password=true
+   SETPWD_password=your_secure_password
+```
+
+2. Passwords are stored as SHA256 hashes
+
+3. Default password (if not changed): 123456 — change it ASAP!
+
+
+> To disable authenticated login, set `SETPWD_enable_password=false` in `app.conf`
+
+
+---
+
+## 🔥 Additional Security Measures
+
+- **Firewall / Network Rules**  
+  Restrict UI/API access to trusted IPs only.
+
+- **Limit Docker Capabilities**  
+  Avoid `--privileged`. Use `--cap-add=NET_RAW` and others **only if required** by your scan method.
+
+- **Keep NetAlertX Updated**  
+  Regular updates contain bug fixes and security patches.
+
+- **Plugin Permissions**  
+  Disable unused plugins. Only install from trusted sources.
+
+- **Use Read-Only API Keys**  
+  When integrating NetAlertX with other tools, scope keys tightly.
+
+---
+
+## 🧱 Docker Hardening Tips
+
+- Use `read-only` mount options where possible (`:ro`)
+- Avoid running as `root` unless absolutely necessary
+- Consider using `docker scan` or other container image vulnerability scanners
+- Run with `--network host` **only on trusted networks** and only if needed for ARP-based scans
+
+---
+
+## 📣 Responsible Disclosure
+
+If you discover a vulnerability or security concern, please report it **privately** to:
+
+📧 [jokob@duck.com](mailto:jokob@duck.com?subject=NetAlertX%20Security%20Disclosure)
+
+We take security seriously and will work to patch confirmed issues promptly. Your help in responsible disclosure is appreciated!
+
+---
+
+By following these recommendations, you can ensure your NetAlertX deployment is both powerful **and** secure.