Skip to content

Security: zarf-dev/zarf

.github/SECURITY.md

Reporting Security Issues

To report a security issue or vulnerability in Zarf, please use the confidential GitHub Security Advisory "Report a Vulnerability" tab. The Zarf team will send a response indicating the next steps in handling your report. After the initial reply to your report, the team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

When Should I Report a Vulnerability?

  • You found a vulnerability in the Zarf code.
  • You found a vulnerability in one of the Zarf dependencies that affects the project that has not been patched yet.

When Should I NOT Report a Vulnerability?

  • You found a bug or malfunction in the Zarf code (not security related).
  • You want to add a feature to Zarf.

Supported Versions

As Zarf has not yet reached v1.0.0, only the current latest minor release is supported.

Contacting Us

To discuss security related issues, please email the maintainers at zarf-dev-private@googlegroups.com.

There aren’t any published security advisories