Skip to content

Security: difince/pipelines

Security

SECURITY.md

Private Security Vulnerability Reporting

When reporting a vulnerability, please include a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

To report a security issue, please choose one of the options below:

  • Use https://g.co/vulnz. We use g.co/vulnz for our intake, and do coordination and disclosure here on GitHub (including using GitHub Security Advisory). The Google Security Team will respond within 5 working days of your report on g.co/vulnz.

  • Report a security vulnerability private via GitHub built-in function by following these instructions.

There aren’t any published security advisories