Skip to content

Latest commit

 

History

History
21 lines (16 loc) · 844 Bytes

SECURITY.md

File metadata and controls

21 lines (16 loc) · 844 Bytes

Security policy

Reporting a vulnerability

To report a security problem in Artifact Hub, please contact the Maintainers Team at [email protected].

Remediation and Notification Process

The maintainers will evaluate the report to verify the security issue. If the issue does not have a security impact, the report and follow-up will move to GitHub issues. If a security issue exists, the maintainers use the following process:

  1. Create a new draft advisory via GitHub Security Advisories
  2. Request a CVE identification number
  3. Collaborate on a private fork, part of the GitHub Security Advisory system, to fix the issue.
  4. Once a solution is ready, the CVE will be finalized and published, the change will be merged, and there will be a new release of Artifact Hub including the security fix.