SECURITY.md

# Security Policy

## Supported Versions

This is an open source project that is provided as-is without warrenty or liability.  
As such no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.

## Reporting a Vulnerability

Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).  

⚠️ **Important:**  
This policy is intended for vulnerabilities in **Trivy itself** (e.g., core functionality, scanning logic, or security features).  

If you discover a vulnerability in a **dependency module** (e.g., a third-party library used by Trivy), please **do not report it here**.  
Instead, open a ticket in [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions) so that the maintainers and community can evaluate and address it appropriately.
chore: create SECURITY.md (#4601) 2023-06-11 06:16:42 +03:00			`# Security Policy`

			`## Supported Versions`

			`This is an open source project that is provided as-is without warrenty or liability.`
			`As such no supportability commitment. The maintainers will do the best they can to address any report promptly and responsibly.`

			`## Reporting a Vulnerability`

docs: update vulnerability reporting guidelines in SECURITY.md (#9395) 2025-10-28 09:57:45 +04:00			`Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).`

			`⚠️ Important:`
			`This policy is intended for vulnerabilities in Trivy itself (e.g., core functionality, scanning logic, or security features).`

			`If you discover a vulnerability in a dependency module (e.g., a third-party library used by Trivy), please do not report it here.`
			`Instead, open a ticket in [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions) so that the maintainers and community can evaluate and address it appropriately.`