Knative Security and Disclosure Information

This page describes Knative security and disclosure information.

Knative threat model

• Threat model

Report a vulnerability

We’re extremely grateful for security researchers and users that report vulnerabilities to the Knative Open Source Community. All reports are thoroughly investigated by a set of community volunteers.

To make a report, please email the private security@knative.team list with the security detauls and the details expected for all Knative bug reports.

When Should I Report a Vulnerability?

• You think you discovered a potential security vulnerability in Knative
• You are unsure how a vulnerability affects Knative
• You think you discovered a vulnerability in another project that Knative depends on
  • For projects with their own vulnerability reporting and disclosure process, please report it directly there

When Should I NOT Report a Vulnerability?

• You need help tuning Knative components for security
• You need help applying security related updates
• Your issue is not security related

Vulnerability response

• Early disclosure of security vulnerabilities
• Vulnerability disclosure response policy

Security working group

• General information
• Security Working Group Charter