If you discover a security vulnerability in helmkit, please report it responsibly. Do not report security issues via public GitHub issues or pull requests.

Preferred method: Email security.emporium706@passmail.com

Please include as much detail as possible:
- Type of vulnerability (e.g., buffer overflow, injection)
- Full paths of source file(s) related to the issue
- Steps to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact assessment

We aim to acknowledge security reports within 48 hours and provide a more detailed response within 7 days.

| Version | Supported |
|---|---|
| 1.x | ✅ |
| 0.x | ❌ |

Upon receiving a security report, we will:
- Confirm the issue and assess severity
- Identify affected versions
- Prepare a fix for supported versions
- Coordinate disclosure timeline with reporter
- Release the fix as a security update

Security fixes are released as patch updates and announced in the project release notes.

This security policy applies to the helmkit Docker image and its included tools:
- Helm
- Helmfile
- kubectl
- Helm Diff
- Helm Secrets
- SOPS

Vulnerabilities in third-party tools bundled in the image should be reported to their respective maintainers.

We appreciate the efforts of security researchers who responsibly disclose vulnerabilities in helmkit.