Skip to content

Security: axonivy/pipeline-as-code

SECURITY.md

Reporting a Vulnerability

At Axon Ivy, we take security seriously. If you believe you've found a security vulnerability in our software, we encourage you to let us know right away. We investigate all reported vulnerabilities promptly.

To report a vulnerability, please send an email to [email protected] with the following information:

  • Description of the vulnerability
  • Steps to reproduce the vulnerability
  • Any additional information or context that may be helpful

Please refrain from publicly disclosing the vulnerability until it has been addressed by our team.

Response Time

We strive to respond to security vulnerability reports as quickly as possible. Upon receiving your report, we will acknowledge it within 72 hours and we will release a patch as soon as possible depending on complexity, but historically within a few days. Please report (suspected) security vulnerabilities at https://support.axonivy.com/.

Responsible Disclosure

We encourage responsible disclosure of security vulnerabilities. We believe that working together with security researchers and the broader community helps us improve the security of our software for everyone.

Contact

For any questions or concerns regarding security, please contact us at [email protected].

There aren’t any published security advisories