We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

Please note that the e-mail address below should only be used for reporting undisclosed security vulnerabilities in Cloud Native Buildpacks products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.

The e-mail address to use to contact the Cloud Native Buildpacks Security Team is security@buildpacks.io.

The fingerprint is: 7AA4 452E A0C3 56F8 894D C869 4E56 F857 5412 6F64

It can be obtained from a public key server such as pgp.mit.edu.