Security Policy

Reporting a Vulnerability

If you find a security vulnerability in the Cirrus CI platform (the backend, web interface, etc.), please follow the steps below.

  1. Do NOT comment about the vulnerability publicly.
  2. Please email hello@cirruslabs.org with the following format:

    Subject: Platform Security Risk
    
    HOW TO EXPLOIT
    
    Give exact details so our team can replicate it.
    
    OTHER INFORMATION
    
    If anything else needs to be said, put it here.
    
  3. Please be patient. You will get an email back soon.

Thank you! 🙌