
Security: coder/code-server

docs/SECURITY.md

Security Policy

Coder and the code-server team want to keep the code-server project secure and safe for end-users.

Tools

We use the following tools to help us stay on top of vulnerability mitigation.

  • dependabot
    • Submits pull requests to upgrade dependencies. We use dependabot's version upgrades as well as security updates.
  • code-scanning
    • CodeQL
      • Semantic code analysis engine that runs on a regular schedule (see codeql-analysis.yml)
    • trivy
      • Comprehensive vulnerability scanner that runs on PRs into the default branch and scans both our container image and repository code (see trivy-scan-repo and trivy-scan-image jobs in build.yaml)
  • npm audit
    • Audits NPM dependencies.

Supported Versions

Coder sponsors the development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time.

Version Supported
Latest

Reporting a Vulnerability

To report a vulnerability, please send an email to security[@]coder.com, and our security team will respond to you.

Learn more about advisories related to coder/code-server in the GitHub Advisory Database