Knative Security and Disclosure Information¶
This page describes Knative security and disclosure information.
Knative threat model¶
Report a vulnerability¶
We're extremely grateful for security researchers and users that report vulnerabilities to the Knative Open Source Community. All reports are thoroughly investigated by a set of community volunteers.
To make a report, please email the private security@knative.team list with the security detauls and the details expected for all Knative bug reports.
When Should I Report a Vulnerability?¶
- You think you discovered a potential security vulnerability in Knative
- You are unsure how a vulnerability affects Knative
- You think you discovered a vulnerability in another project that Knative depends on
- For projects with their own vulnerability reporting and disclosure process, please report it directly there
When Should I NOT Report a Vulnerability?¶
- You need help tuning Knative components for security
- You need help applying security related updates
- Your issue is not security related