Version v1.1 (2020-08-08)

The security policy in argoproj/argoproj acts as a proxy policy for the Argo sub-projects Argo Workflows, Argo Events, Argo Rollouts and Argo CD,

For more specific policies, please refer to the following documents in their respective code repositories:

• Security Policy for Argo Workflows
• Security Policy for Argo Events
• Security Policy for Argo Rollouts
• Security Policy for Argo CD

In general, we kindly ask you for responsible disclosure of any security vulnerabilities you may have found in one of our projects. Please do not create a GitHub issue, but instead contact us via e-mail at the following address:

• [email protected]

We also kindly ask you to allow us some time for analysing the report and react on it. We will get in contact with you as soon as possible.

Please refer to the sub-projects' dedicated security policies (see above) for specific details on how we handle reported vulnerabilities, public disclosure, crediting and other information.