Security: artifacthub/hub

SECURITY.md

Security policy

Reporting a vulnerability

To report a security problem in Artifact Hub, please contact the Maintainers Team at cncf-artifacthub-maintainers@lists.cncf.io.

Remediation and Notification Process

The maintainers will evaluate the report to verify the security issue. If the issue does not have a security impact, the report and follow-up will move to GitHub issues. If a security issue exists, the maintainers use the following process:

  1. Create a new draft advisory via GitHub Security Advisories.
  2. Request a CVE identification number.
  3. Collaborate on a private fork, part of the GitHub Security Advisory system, to fix the issue.
  4. Once a solution is ready, the CVE will be finalized and published, the change will be merged, and there will be a new release of Artifact Hub including the security fix.