Netbird has supposedly done a penetration test, but it is only supplied upon request [0]. I haven't bothered trying to get my hands on it since I don't use their product. I don't agree with gatekeeping the results instead of making them public.

NetBird should also consider publishing an SBOM, similar to what Defguard does.[1].

[0] https://trust.netbird.io/

[1] https://defguard.net/sbom/