Reporting security issues

Snyk requests that vulnerabilities in a Snyk service be reported according to the process explained on this page.

How to report a security issue in a Snyk service

Snyk values the security community and believes that responsible disclosure of security vulnerabilities helps ensure the security and privacy of all users.

If you believe you have found a security vulnerability in any Snyk services, please let Snyk know right away. Snyk will investigate all legitimate reports and strive to fix the problem quickly. Before reporting, though, please review the Snyk Responsible Disclosure Policy.

Use the Snyk Vulnerability Disclosure Program on Intigriti to report vulnerabilities affecting Snyk products. Please do not contact Snyk employees directly or through other channels about a security report.

Snyk responsible disclosure policy

Snyk will investigate vulnerabilities that have been reported in Snyk services and take necessary action. Snyk asks that when you report a vulnerability in a Snyk service to Snyk, you do the following:

• Give Snyk reasonable time to investigate and mitigate an issue you report before making any information about the report public or sharing such information with others.

• Avoid interacting with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.

• Make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.

• Avoid exploiting a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues).

• Avoid violating any other applicable laws or regulations.