Skip to content

Security: pulumi/pulumi-xyz

Security

SECURITY.md

Pulumi Security

NOTE: This is a mirror of https://www.pulumi.com/security/ which will always serve the latest version of this document.

Pulumi takes security and privacy matters very seriously. We appreciate that our customers and users place a high degree of confidence and trust in our products and services and we strive to meet those expectations.

Vulnerability Reporting

If you believe you’ve discovered a potential vulnerability in Pulumi’s security, please contact us at [email protected]. For non-critical matters please file an issue at https://support.pulumi.com.

When reporting a potential vulnerability, please include as much of the following information as possible.

  • A description of the vulnerability
  • The impacted software or service and its version
  • Proof-of-concept code and/or detailed steps to reproduce

Secure Communications

If you’re a security researcher and you believe that you have found a security issue within any of our services, email the details of your findings to [email protected]. Use PGP to protect the message by using our public PGP key.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF16mUgBEADCPyLVKy1pv0cFI6YWfMeRHZG1PmTQSs8g/roqoD+ESETLqBQ3
q8HW1v0yJqYhbTuZjox39+e47/0LJhBE0GXwCER6xASw7sqGlZ2wzmrS0SYKXyS8
ilzKcQmhM6wOLf/AzK+caWjdtm0netvhoeB8DYtJxxcMZwlT+iHVjqh1YOIRnAAl
o44LXuxRUqIz89M8eplRmHNi4BpvAjLbnR4Jg+D1up19K5K793dI15zAf5msEUmS
2KQ4OON8ZvNkdkOcd+hMKk5yclAicfHL9ocKF9V2Tm7xzKP+xQBN9QMHvcVJ3XLj
HbR/cICWkur9lmr5pQkLUF44aN891d+8j2uIgMHIyv7dz3cae6tWP5L/qZyaBUKG
W2Af4+ef8ybUVRIJdjchsANNdGF4lVz7VtUdcrsPhJ/O6NmS+3zb26Mk2OnG455P
uBdtdRVVaHsoLgJ69O2sSBYYKAQbRZtAXxvzVyX0lajOy/iUSR7icdlzI9n9c0Gh
F/2cflOf4CWX81r0R/z2ntF/npuFYgJYKQIejEkDprCWXlkifKgV1jDkQfqqpdTq
CFafqwVhpuH0nPaAItaRWyhig/rDkBKaEo1c6bQpmtiUtSAysi2wLKl+Fcs3H6QG
58/QogfQxcA0SDICGdKeT3dk/5U6qPCvJU/bZBEHJk0wzQ3IqocM9JFU1wARAQAB
tB1QdWx1bWkgVGVhbSA8dGVhbUBwdWx1bWkuY29tPokCVAQTAQgAPhYhBMu4nB58
v6pZbLnlFlR1Bin0/5VZBQJdeplIAhsDBQkHhh+ABQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJEFR1Bin0/5VZMGQP/35Ty7CKBon3exbgrWforVxnVRszkN02A9N8
H8mV+Y0SniaKvN5MCLTMtQWDmvfsIZNBvdH+EnnL4554R7ApJNMp6EzTMkHrpQby
x+6M6rk0x/tdVEI6aQmjUIXWWY9O6nJ3BcHGg5kVQc5qXFeFdOT+KNVgiUt9MzxM
Eupik9/UNtkJ9hgMAV3ZwmHopO91X6uYTiX+fxpaH24wIRon9NmlVzsb6CYbq2N3
ShRJ0l4/HkiA4CqtWykWCGF0UtySOYvRTAvkNS/rXu4ZETfux8HZ2pneB9+D+3Wu
ej4NH2lsNdL1VdiZm8AJkWsLhONsC0b6X9iymsEfexOpaTksouQOudzq1ghv0LMI
XS85H7TIdm5OQ3g3ew3JwUGyOM1jhAvIGCiBbl1c6RG43Wir+ceSgCZlc0N0NX1B
zcU7OidYGKTf3HWMYIvuM+NZUcoBZ/1ejQlKgKe5gRyq5yYz4jblWJFW+HQO0zgT
qr4vymZcm2HMz80BI2o424xP63ofctsVkGmLoXvN0H+ZacDn4Q/C8d0cJAPgryTa
gCPdnxfxuFQw44Mk0hYYCPLK8moEsZtOw0UGLzWvk8dM5zFRHdTxOdzO9rrZEkqm
tDTj8Ycxo2rkuMU8HyTaUHZY6QFbjGMJ0m6Mh7uO/4jLyXBiKwc1dv3Nr31lG4hp
4akixk7WuQINBF16mUgBEACq2Z/3L87QiiIWbBgvSb14phznDwSWMZ9HPduimamV
paS7te1spxsavyV3xBoMYcD/fxcM/tEJotF2OP5H6kWe0PDyNbYkv4cb4hoN2b78
JlKCD40PHg8ZsoUFywmWxRl3Uer5lcaqACysxcSALyr7ryhTbjaLr6s4OZjAgNTW
orsD8TSyk4czeEJsYqV8Au+sU+zZpQmz3IzA43fUfdy47c0aQLqiSuj1ymTpJGeN
4tuxicT0eQEiO68ySMVAfuOAJzYIcTTiasN+YS6nwe8l84iwv8bSA9aAntAjasl6
UYz2YwodZRX3thWcNh1jwlS9naPA87pfy5azcjyPstqcu/KgDCvVJa2OAxdKTQOS
NbFY/GNxUCVBSEJUAMuO/danNOTQsR+FWCsfbZegazdDUTjAsNZdWgZ4DIBNcErX
WlaY3JNjLc8dNVTMdsxpHu8J4cTEQpxXDdpxXe7DMg1QtjaBNHTMbGMweuCypPOt
J96Il8SI37XBlfxAoehZHJVDABTfg5ieCmXhlfmHez7Ow5J6wI9RlNydLTa+THIk
9xJG6InlZNWFfSAx4QLsOgTeoLMjEdF6MiOuV6Iipf6nt56uJohuFHzE/NAs1+pP
Vts5rIHnnG4OOAg7X9ZzUZY6RFXrjZn5om6dhhL6KTDm+TBF+xbJZ1cGmOWZnfEl
jwARAQABiQI8BBgBCAAmFiEEy7icHny/qllsueUWVHUGKfT/lVkFAl16mUgCGwwF
CQeGH4AACgkQVHUGKfT/lVnY2A/7Btm4qKmwwpFKV683+WsTYs4P++SxO8kO7L53
xYqqEzPLSqKS1YAnTivkYREe6A/8B6v3rDH4/btg0PLZ8qJIesH55NViTKD/9OC9
S8j87/FHh3AQP2PFBR7zMO8ny6MBZLZ7PPYzyl92RlScGA8KC/D5N4X+ULrpihxM
y1xmRd7hkih5JRL3kBvxIso8LWDBhzh/FjWQJuVV7ZGYETi7Nksq2tzwne50nVqS
/EBojCQF8yCjIEs8NPdha1aGcNiwtasbWOARvN77PukgIdMa7WoG0cTEbpDGVMtB
uLyZ51xGjIa3gCxBfCg9ktMYOGa5fu5BIi9BJrFaLd4eXIoQq60h4P3zMexu0sfh
aVg5btUTy/Ufe/zVQkl/TwFRWmpcORPcB4upuFuB39GOhD+De4UCVWvRvoIww+IM
aS4oYmsrS83MnTI4kN3+xEiRJaXF4Y4LB4VwJDArZiz00aDiJQJpH94VvZbKgWSX
qd1vZIcFE7Vh0Mvx9KSyyhSx5AOO43UXC1GlG7lTvZN70yqFukcMPKjWgC6MjAQm
Ska9hJu+9cKvItwYz2D5sacdA+3KJTI8MY8kgXDgQjVt3Rs1AoQ3ftd1UsWIfwQ5
5MkOj4N82OHZHDs3r545Kp7Wrs2ubyq87OBg0C2x8zIncaSWtSkPT/GQGy1nvF4b
8KpnpD4=
=+A0k
-----END PGP PUBLIC KEY BLOCK-----

Public Notifications

Public security notifications are posted in the #announcements channel of the Pulumi Community on Slack.

There aren’t any published security advisories