docs: update vulnerability reporting guidelines in SECURITY.md (#9395)

Teppei Fukuda
2025-10-28 09:57:45 +04:00
committed by GitHub
parent 3cf4bfda3b
commit 39051b7ed8

@@ -7,4 +7,10 @@ As such no supportability commitment. The maintainers will do the best they can
## Reporting a Vulnerability
Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).
Please use the "Private vulnerability reporting" feature in the GitHub repository (under the "Security" tab).
⚠️ **Important:**
This policy is intended for vulnerabilities in **Trivy itself** (e.g., core functionality, scanning logic, or security features).
If you discover a vulnerability in a **dependency module** (e.g., a third-party library used by Trivy), please **do not report it here**.
Instead, open a ticket in [GitHub Discussions](https://github.com/aquasecurity/trivy/discussions) so that the maintainers and community can evaluate and address it appropriately.
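Review bot: The "please **do not report it here**" sentence sends every dependency vulnerability to public GitHub Discussions, but it does not say what a reporter should do when the flaw in the third-party library is exploitable through Trivy's own scanning logic, which would still seem to fall under "vulnerabilities in **Trivy itself**". Suggest adding one sentence that separates the two cases: a known issue in a third-party library goes to Discussions, while a dependency flaw the reporter can show affects Trivy's behaviour stays with "Private vulnerability reporting", so details are not posted publicly before maintainers have seen them. The term "dependency module" is also only explained by a single example; a short definition would reduce misrouted reports.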