Security

SECURITY.md

Security Policy

Supported Versions

Version	Supported
v1.x	✅

Reporting a Vulnerability

Please submit any security vulnerabilities via our public bug bounty program so we can reward you accordingly.

Security features

We do CodeQL code scanning in our CI/CD pipeline.
We execute Go vulnerability scanning in our CI/CD pipeline.
We run trivy vulnerability scanning in our CI/CD pipeline.
Our dependencies are automatically kept up-to-date via GitHub Dependabot.
Pull requests are required and need approval from the code owners.
We utilize a release process that produces SBOMs and is SLSA 3 compliance.
Tests need to complete before a merge in our CI/CD pipeline.

There aren’t any published security advisories