Skip to content

Security: Workday/spawn.build

Security

SECURITY.md

Security Policy

Supported Versions

The following versions of spawn.build are currently supported with security updates:

Version Supported
0.1.x
< 0.1

Reporting a Vulnerability

This is a Workday sponsored project hosted on GitHub.

To report a security vulnerability, please do not open a public GitHub issue. Instead:

  1. Navigate to the Security Advisories page for this repository and click Report a vulnerability.

  2. Alternatively, contact the project maintainers directly by emailing the developers.

What to Include

Please include as much of the following information as possible to help us understand and reproduce the issue:

  • The type of vulnerability (e.g. dependency with known CVE, insecure API usage, credential leak)
  • The affected module(s) and version(s)
  • Step-by-step instructions to reproduce the issue
  • Any proof-of-concept code or test cases
  • The potential impact and severity assessment

Response Timeline

Stage Target
Acknowledgement 2 business days
Severity assessment 5 business days
Fix or mitigation plan 15 business days

There aren’t any published security advisories