Security Policy

Reporting a Vulnerability

If you find a security vulnerability in the Cirrus CI platform (the backend, web interface, etc.), please follow the steps below.

1. Do NOT comment about the vulnerability publicly.

2. Please email hello@cirruslabs.org with the following format:

   Subject: Platform Security Risk
   
   HOW TO EXPLOIT
   
   Give exact details so our team can replicate it.
   
   OTHER INFORMATION
   
   If anything else needs to be said, put it here.
   

3. Please be patient. You will get an email back soon.

Thank you!