Reporting security issues

How to report a security issue in a Snyk service

Snyk values the security community and believes that responsible disclosure of security vulnerabilities helps ensure the security and privacy of all users.

If you believe you have found a security vulnerability in any Snyk services, please let Snyk know right away. Snyk will investigate all legitimate reports and strive to fix the problem quickly. Before reporting, though, please review the Snyk Responsible Disclosure Policy.

Submit your report to security@snyk.io (one issue per report) and respond to the report with any updates. Please do not contact Snyk employees directly or through other channels about a security report.

Snyk Responsible Disclosure Policy

Snyk will investigate vulnerabilities that have been reported in Snyk services and take necessary action. Snyk asks that when you report a vulnerability in a Snyk service to Snyk, you do the following:

• Give Snyk reasonable time to investigate and mitigate an issue you report before making any information about the report public or sharing such information with others.

• Avoid interacting with an individual account (which includes modifying or accessing data from the account) if the account owner has not consented to such actions.

• Make a good faith effort to avoid privacy violations and disruptions to others, including (but not limited to) destruction of data and interruption or degradation of our services.

• Avoid exploiting a security issue you discover for any reason. (This includes demonstrating additional risk, such as attempted compromise of sensitive company data or probing for additional issues).

• Avoid violating any other applicable laws or regulations.