Security Policy

This policy outlines the commitment and practices of the go-openapi maintainers regarding security.

Supported Versions

Version	Supported
2.1.x	✅

Vulnerability checks in place

This repository uses automated vulnerability scans, at every merged commit and at least once a week.

We use:

GitHub CodeQL
trivy
govulncheck

Reports are centralized in github security reports and visible to the maintainers.

Reporting a vulnerability

If you become aware of a security vulnerability that affects the current repository, please report it privately to the maintainers rather than opening a publicly visible GitHub issue.

Please follow the instructions provided by github to Privately report a security vulnerability.

TL;DR

On Github, navigate to the project’s “Security” tab then click on “Report a vulnerability”.