Shipwright encourages all users and contributors to report potential security vulnerabilities to the project maintainers. If you think you have found a security flaw related to Shipwright's code, please send a report using one of the below methods.

To report a vulnerability via GitHub issues, click on the Issues tab at the top of any repository and then click on the New issue button, then click on the Report a vulnerability button and fill out the form.

To report a vulnerability via email, send an email to shipwright-security@lists.shipwright.io. Encryption using GPG is NOT required to make a disclosure.