Skip to content
This repository has been archived by the owner on Sep 18, 2020. It is now read-only.

Security: sonatype-nexus-community/nexus-repository-r

Security

SECURITY.md

Reporting Security Vulnerabilities

When to report

First check important advisories of known security vulnerabilities in Sonatype products to see if this has been previously reported.

Duplicate reports for the same vulnerability will be deleted.

How to report

Sonatype utilizes the HackerOne platform for the Bug Bounty Program. If you do not have an HackerOne account, please send an email to security@sonatype.com to receive an invitation.

See https://www.sonatype.com/report-a-security-vulnerability.

Prior to reporting, please review the program's policy for SLAs, program rules, in and out of scope vulnerabilities/applications, and bounty eligibility.

There aren’t any published security advisories