Skip to content

Security: Rachi11/keda

Security

SECURITY.md

Security Policy

Supported Versions

KEDA commits to supporting the n-2 version minor version of the current major release; as well as the last minor version of the previous major release.

Here's an overview:

Version Supported
2.0.x
1.5.x
< 1.5

Prevention

KEDA maintainers are working to incorporate prevention by using various measures:

  • Scan published container images (issue)
  • Scan container images for changes in PRs (issue)
  • Scan changes to Helm charts in PRs (issue)

Disclosures

We strive to ship secure software, but we need the community to help us find security breaches.

In case of a confirmed breach, reporters will get full credit and can be keep in the loop, if preferred.

Private Disclosure Processes

We ask that all suspected vulnerabilities be privately and responsibly disclosed by contacting our maintainers.

Public Disclosure Processes

If you know of a publicly disclosed security vulnerability please IMMEDIATELY email the KEDA maintainers to inform about the vulnerability so they may start the patch, release, and communication process.

Compensation

We do not provide compensations for reporting vulnerabilities except for eternal gratitude.

Communication

GitHub Security Advisory will be used to communicate during the process of identifying, fixing & shipping the mitigation of the vulnerability.

The advisory will only be made public when the patched version is released to inform the community of the breach and its potential security impact.

There aren’t any published security advisories