To report a security issue or vulnerability, submit a private vulnerability report via GitHub with a description of the issue, steps to reproduce, affected versions, and known mitigations.
The maintainers will respond within 7 working days. Confirmed vulnerabilities will be disclosed following a 90-day disclosure timeline.
Other contacts: cncf-kubescape-maintainers@lists.cncf.io
For full details see the Kubescape project security policy.