See current security bullentins on GitHub: https://github.com/in-toto/witness/security/advisories
For information regarding the security of this project please join:
- in-toto-witness on CNCF Slack
Please use the below process to report a vulnerability to the project:
Web Form:
- Please visit https://github.com/in-toto/witness/security/advisories/new
- You will receive a confirmation email upon submission
- You may be contacted by a maintainer to further discuss the reported item within 3 days. Please bear with us as we seek to understand the breadth and scope of the reported problem, recreate it, and confirm if there is an vulnerability present.
This project follows a 30 day disclosure timeline.
Information regarding supported versions of this project can be found on in the below table:
| Version | Supported |
|---|---|
| Latest | ✅ |
| <= Latest - 2 | ❌ |