Knative Security and Disclosure Information

This page describes Knative security and disclosure information.

Knative threat model

Report a vulnerability

We’re extremely grateful for security researchers and users that report vulnerabilities to the Knative Open Source Community. All reports are thoroughly investigated by a set of community volunteers.

To make a report, please email the private security@knative.team list with the security detauls and the details expected for all Knative bug reports.

When Should I Report a Vulnerability?

  • You think you discovered a potential security vulnerability in Knative
  • You are unsure how a vulnerability affects Knative
  • You think you discovered a vulnerability in another project that Knative depends on
    • For projects with their own vulnerability reporting and disclosure process, please report it directly there

When Should I NOT Report a Vulnerability?

  • You need help tuning Knative components for security
  • You need help applying security related updates
  • Your issue is not security related

Vulnerability response

Security working group