Skip to content

Knative Security and Disclosure Information

This page describes Knative security and disclosure information.

Knative threat model

Report a vulnerability

We're extremely grateful for security researchers and users that report vulnerabilities to the Knative Open Source Community. All reports are thoroughly investigated by a set of community volunteers.

To make a report, please email the private list with the security detauls and the details expected for all Knative bug reports.

When Should I Report a Vulnerability?

  • You think you discovered a potential security vulnerability in Knative
  • You are unsure how a vulnerability affects Knative
  • You think you discovered a vulnerability in another project that Knative depends on
    • For projects with their own vulnerability reporting and disclosure process, please report it directly there

When Should I NOT Report a Vulnerability?

  • You need help tuning Knative components for security
  • You need help applying security related updates
  • Your issue is not security related

Vulnerability response

Security working group

Back to top

We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.

× OK