mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-05 20:40:16 -08:00
18 lines
886 B
Markdown
18 lines
886 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
This is an open source project that is provided as-is without warranty or liability.
|
|
As such, there is no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).
|
|
|
|
⚠️ **Important:**
|
|
This policy is intended for vulnerabilities in **Trivy itself** (e.g., core functionality, scanning logic, or security features).
|
|
|
|
If you discover a vulnerability in a **dependency module** (e.g., a third-party library used by Trivy), please **do not report it here**.
|
|
Instead, open a ticket in [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions) so that the maintainers and community can evaluate and address it appropriately.
|
|
|