Thank you for taking the time to disclose a potential security issue.
Please report vulnerabilities via email to security@chainguard.dev.
To assist our triage, please include:
- A clear description of the issue and its potential impact.
- Steps to reproduce or proof-of-concept if available.
- Affected versions or commit hashes.
- Any known mitigations or fixes.
- How you would like to be credited if attribution is desired (e.g., name, known handle).
We are grateful when vulnerabilities are reported to us.
As a reporter, you can expect:
- A prompt acknowledgment of your report (within 72 hours).
- A transparent dialog and timely fix for valid issues.
- Credit for disclosure, if desired.
Please see the full Chainguard Vulnerability Disclosure Policy to learn more.