mirror of
https://github.com/grafana/grafana.git
synced 2024-11-22 08:56:43 -06:00
6eeca84bac
* Update SECURITY.md * Shorten `SECURITY.md` to link to the bug bounty program * Add old text back in * make text clickable * Add new PGP FP * adds the new PGP fingerprint
24 lines
1.5 KiB
Markdown
24 lines
1.5 KiB
Markdown
# Reporting security issues
|
|
|
|
This product is in scope for our Bug Bounty Program. To submit a vulnerability report, please visit [Grafana Labs Bug Bounty Policy page](https://github.com/grafana/bugbounty) and follow the instructions provided. Our security team will review your submission and get back to you as soon as possible.
|
|
|
|
---
|
|
|
|
For any other security issues, please send an email to security@grafana.com
|
|
|
|
Please encrypt your message to us; please use our PGP key. The key fingerprint is:
|
|
|
|
225E 6A9B BB15 A37E 95EB 6312 C66A 51CC B44C 27E0
|
|
|
|
The key is available from [keyserver.ubuntu.com](https://keyserver.ubuntu.com/pks/lookup?search=0x225E6A9BBB15A37E95EB6312C66A51CCB44C27E0&fingerprint=on&op=index).
|
|
|
|
Grafana Labs will send you a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
|
|
|
|
**Important:** We ask you to not disclose the vulnerability before it have been fixed and announced, unless you received a response from the Grafana Labs security team that you can do so.
|
|
|
|
## Security announcements
|
|
|
|
We will post a summary, remediation, and mitigation details for any patch containing security fixes on the Grafana blog. The security announcement blog posts will be tagged with the [security tag](https://grafana.com/tags/security/).
|
|
|
|
You can also track security announcements via the [RSS feed](https://grafana.com/tags/security/index.xml).
|