ADR-018 governs the full vulnerability-intake and disclosure workflow. ADR-022 governs the two-key enforcement requirement for high-impact operations.
| Version | Status | Security patches |
|---|---|---|
| 1.x | ✅ GA | Latest minor only |
| 0.x | ⛔ Deprecated | None (upgrade required) |
Do not open a public GitHub issue for security reports.
- Go to the Security tab.
- Click Report a vulnerability.
- Fill in the template (see below).
- GitHub creates a private advisory — only maintainers and the reporter see it.
Send to security@forge.dev (PGP key ID 0xDEADBEEF, fingerprint in KEYS.asc).
Title: Short description (e.g. "Path traversal in forge scaffold")
CVSS score: (your estimate, or leave blank)
Affected: forge version(s), OS, Go version
Reproducer: Minimal steps or PoC (attach, do not paste keys/tokens)
Impact: What an attacker can achieve
Mitigations: Anything that reduces exploitability
| Milestone | Target |
|---|---|
| Acknowledgement | 3 business days |
| Initial triage + severity rating | 7 calendar days |
| Fix or mitigation shipped | 30 days for CVSS ≥ 7.0 (High/Critical) |
| Fix or mitigation shipped | 90 days for CVSS < 7.0 (Medium/Low) |
| Public disclosure | After fix ships, coordinated with reporter |
We follow a 90-day coordinated disclosure model (aligned with Google Project Zero). If the reporter requires disclosure earlier, we will negotiate in good faith.
Forge operates a community bug-bounty program. See BUG_BOUNTY.md for scope, reward tiers, and submission instructions.
We use CVSS v3.1 base scores:
| Score range | Severity | Response target |
|---|---|---|
| 9.0–10.0 | Critical | 30 days |
| 7.0–8.9 | High | 30 days |
| 4.0–6.9 | Medium | 90 days |
| 0.1–3.9 | Low | 90 days |
For confirmed vulnerabilities, Forge will request a CVE from MITRE via the
GitHub Security Advisory workflow. Tracking IDs use the format FORGE-VULN-YYYY-NNN.
- The forge CLI binary and any first-party packages under cmd/, internal/.
- The plugin runtime and WASM sandbox (per ADR-002).
- CI/CD configuration in .github/workflows/.
- The forge scan security engine and rule set.
- The two-key enforcement library (internal/audit/twokey.go, per ADR-022).
- LLM provider integration (internal/llmprovider/) — prompt injection, key exposure.
- Third-party plugins (report to the plugin author directly).
- Test fixtures / example apps explicitly marked "vulnerable on purpose" in their README.
- Denial-of-service attacks requiring >10 Gbps sustained traffic.
- Social engineering of maintainers.
- Vulnerabilities in dependencies not yet reported upstream.
| Control | Implementation |
|---|---|
| Path traversal | internal/fssandbox allow/deny list on all user-supplied paths |
| Subprocess injection | internal/procspawn allow-list; no shell=true |
| Secret redaction | internal/secretrewriter strips keys from logs and LLM prompts |
| Two-key enforcement | internal/audit/twokey.go for high-impact ops (ADR-022) |
| Plugin sandbox | WASM/wazero with capability-gated imports (ADR-002) |
| OWASP Top 10 | forge scan security CI gate enforced on every PR |
| Token budget | internal/llmbudget prevents runaway LLM spend |
Forge undergoes periodic external penetration testing. See PENTEST.md for scope,
methodology, and findings process. The last published pentest summary is in
docs/pentest/ (redacted version).
- Reporter submits via private channel.
- Maintainers acknowledge within 3 business days.
- Maintainers triage, assign FORGE-VULN-YYYY-NNN, rate severity.
- Fix developed in a private fork or branch.
- Advisory draft shared with reporter for review ≥ 7 days before publication.
- Fix released; public advisory published; CVE requested.
- Reporter credited in the advisory (unless anonymity requested).
Security researchers who have responsibly disclosed vulnerabilities are credited
in CHANGELOG.md and the GitHub security advisory. Thank you for keeping forge safe.