Security: in-toto/witness

SECURITY.md

Security Policy

Security Bulletins

See current security bulletins on GitHub: https://github.com/in-toto/witness/security/advisories

For information regarding the security of this project please join:

  • in-toto-witness on CNCF Slack

Reporting a Vulnerability

Please use the process below to report a vulnerability to the project:

Web Form:

  1. Please visit https://github.com/in-toto/witness/security/advisories/new
    • You will receive a confirmation email upon submission
  2. You may be contacted by a maintainer within 3 days to further discuss the reported item. Please bear with us as we seek to understand the breadth and scope of the reported problem, recreate it, and confirm whether a vulnerability is present.

This project follows a 30 day disclosure timeline.

Supported Versions

Information regarding supported versions of this project can be found in the table below:

Version Supported
Latest
<= Latest - 2

There aren’t any published security advisories