If you discover a security vulnerability in any CloudDrove project, please report it responsibly.

Email: security@clouddrove.com

Please do not create a public GitHub issue for security vulnerabilities.

Include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

| Severity | Acknowledgement | Resolution Target |
|---|---|---|
| Critical | 24 hours | 7 days |
| High | 48 hours | 14 days |
| Medium | 1 week | 30 days |
| Low | 2 weeks | 90 days |

This policy applies to all repositories under the CloudDrove GitHub organization, including:
- Terraform modules (AWS, Azure, GCP)
- GitHub Actions and reusable workflows
- Supporting tools and libraries

Only the latest released version of each module is supported with security updates. We recommend always using the most recent version.

- We will acknowledge receipt of your report within the SLA above.
- We will work with you to understand and validate the issue.
- We will release a fix and publicly disclose the issue once a patch is available.
- We will credit reporters (unless you prefer to remain anonymous).