Skip to content

Security: fleetdm/fleet

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report any vulnerabilities discovered in Fleet products to security at fleetdm.com.

Fleet endeavors to acknowledge and fix any reported vulnerabilities ASAP. Acknowledgement is typically within 1 business day, and patches usually go out within 5 business days (depending on severity and timing).

PGP Key

To encrypt vulnerability reports before sending them, please use this PGP key.

The fingerprint of the key is 23A1 9D1F 16D7 1846 57D1  6D67 320D B57D E4F0 EE8F.

Vulnerability tracking

GitHub issues concerning vulnerabilities will be tagged with the security label to differentiate them from other issues and maintain SOC2 compliance.

Learn more about advisories related to fleetdm/fleet in the GitHub Advisory Database