Skip to content

Security: sonatype-nexus-community/the-cla

Security

SECURITY.md

Reporting Security Vulnerabilities

When to report

First check important advisories of known security vulnerabilities in Sonatype products to see if this has been previously reported.

Duplicate reports for the same vulnerability will be deleted.

How to report

Sonatype utilizes the HackerOne platform for the Bug Bounty Program. If you do not have an HackerOne account, please send an email to security@sonatype.com to receive an invitation.

See https://www.sonatype.com/report-a-security-vulnerability.

Prior to reporting, please review the program's policy for SLAs, program rules, in and out of scope vulnerabilities/applications, and bounty eligibility.

There aren’t any published security advisories