syft/SECURITY.md

Security Policy

Supported Versions

Security updates are applied only to the most recent release, try to always be up to date.

Reporting a Vulnerability

To report a security issue, please email security@anchore.com with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

All support will be made on a best effort basis, so please indicate the "urgency level" of the vulnerability as Critical, High, Medium or Low.

For more details, see our security policy documentation.