Reporting a Security Vulnerability

Report a security vulnerability by providing the necessary information to our development team.

Where to report a security vulnerability

To report security-related bugs, use the security section of Devopness' open source repo. Our team will analyze the report and circle back once its validity has been assessed. DO NOT submit a ticket or post to any public groups.

How to write a good vulnerability report

  1. Give a short summary of the problem. Focus on making the vulnerability's impact and severity as clear as possible.
  2. State which Devopness module is affected (Devopness API, Devopness website, Devopness web app, API Documentation, Devopness SDK).
    1. State which versions are affected (in the case of the Devopness SDK).
  3. Then, give all details gathered about the vulnerability. If you are able to point to the part of the source code responsible for the vulnerability, you will be helping the maintainers tackle the problematic code more quickly.
  4. Lay out the steps of the PoC (Proof of Concept). Aim to make the steps as complete as possible. Also, include specific configuration details, if relevant.
  5. Explain the vulnerability's impact. What kind of vulnerability is it? Who is impacted by it?