Security issues or vulnerabilities can be reported in one of two ways:
- By emailing
security@chainguard.dev
- By reporting a finding privately via https://github.com/chainguard-dev/malcontent/security/advisories/new
Security issues or vulnerabilities can also be addressed directly via a PR -- contributions are always welcome.
More on contributing can be found in DEVELOPMENT.md.
While malcontent
aims to err on the "subtle" side of scanning, certain behaviors, including malicious behaviors, may not be covered by the existing YARA Rules.
If this is the case, please open an issue: https://github.com/chainguard-dev/malcontent/issues or feel free to contribute changes or additions.