SECURITY.md

The Jenkins X project takes security seriously. We make every possible effort to ensure users can adequately secure their automation infrastructure. To that end, we work with Jenkins X platform and app developers, as well as security researchers, to fix security vulnerabilities in Jenkins X in a timely manner, and to improve the security of Jenkins X in general.

If you find a vulnerability in Jenkins X, please report it in the Jenkins CI issue tracker under theSECURITY project.Please do not report security issues in the github tracker.This project is configured in such a way that only the reporter and the security team can see the details. By restricting access to this potentially sensitive information, we can work on a fix and deliver it before the method of attack becomes well-known.

If you are unable to report using the above issue tracker, you can also send your report to the private Jenkins Security Team mailing list:jenkinsci-cert@googlegroups.com

Whilst the Jenkins X team is not responsible for the quality of third party apps, please still use the above reporting mechanism and we will co-ordinate with the app developer to ensure a fix in a secure maner.

There aren’t any published security advisories