To report as security issue in the protobom family of projects, please use the GitHub private vulnerability reporting tool. The maintainers will give your report the maximum priority possible and will try to triage it right away. We will also credit you if protobom choses to issue a formal advisory.
- You found a vulnerability in the protobom code.
- You found a vulnerability in one of the protobom dependencies that affects the project that has not been patched yet.
- You found a bug or malfunction in the protobom code (not security related).
- You want to add a feature to protobom.
- You found an insecure use of the protobom libraries or tools in another project.
To contact the project maintainers to discuss security related issues, please email one or more of the maintainers listed in the CODEOWNERS file.