Thank you for taking the time to disclose a potential security issue.

Please report vulnerabilities via email to [email protected].

To assist our triage, please include:

• A clear description of the issue and its potential impact.
• Steps to reproduce or proof-of-concept if available.
• Affected versions or commit hashes.
• Any known mitigations or fixes.
• How you would like to be credited if attribution is desired (e.g., name, known handle).

We are grateful when vulnerabilities are reported to us.

As a reporter, you can expect:

• A prompt acknowledgment of your report (within 72 hours).
• A transparent dialog and timely fix for valid issues.
• Credit for disclosure, if desired.

Please see the full Chainguard Vulnerability Disclosure Policy to learn more.