Security

We take security very seriously, but any complex software project is going to have some vulnerabilities. We work with core maintainers of the project to evaluate and address security vulnerabilities in a timely manner.

Reporting Vulnerabilities

Please report any security issues to our private mailing list screwdriver-oss-security@yahooinc.com; use github issues or slack for non security issues.

Team

Screwriver security team consists of core maintainers of Screwdriver. Our goal is to improve the security of Screwdriver and to give cluster administrators tools and information needed to secure their Screwdriver build clusters.

Joining Team

If you are interested, please reach out to the security team at screwdriver-oss-security@yahooinc.com. Membership is limited to people with a history of contributions to Screwdriver project and is subject to approval by current members of Security Team.

Past Security Issues

None reported yet!