This document provides details on the Ratify Project security policy and describes the process for reporting a security vulnerability within the Ratify Project organization.
We're extremely grateful for security researchers and users who report vulnerabilities to the Ratify Project community. All reports are thoroughly investigated by a set of Project maintainers.
To make a report, please use the GitHub Security Vulnerability Disclosure process for each one of the Ratify Project repositories.
We would like to give credit to the Helm Community for using their security process and policy as an example.