If you believe you have found a security vulnerability within Infracost, please let us know right away. We'll try and fix the problem as soon as possible.

Do not report vulnerabilities using public GitHub issues. Instead, email security@infracost.io with a detailed account of the issue. Please submit one issue per email, this helps us triage vulnerabilities.

Once we've received your email we'll keep you updated as we fix the vulnerability.

We release patches for security vulnerabilities as soon as they are found and fixed. Please refer to the below table to understand which CLI versions are eligible for security patches.