Skip to content

Security: jakeaston/openmct

Security

SECURITY.md

Security Policy

The Open MCT team secures our code base using a combination of code review, dependency review, and periodic security reviews. Static analysis performed during automated verification additionally safeguards against common coding errors which may result in vulnerabilities.

Reporting a Vulnerability

For general defects, please for a Bug Report

To report a vulnerability for Open MCT please send a detailed report to arc-dl-openmct.

See our top-level security policy for additional information.

CodeQL and LGTM

The CodeQL GitHub Actions workflow is available to the public. To review the results, fork the repository and run the CodeQL workflow.

CodeQL is run for every pull-request in GitHub Actions.

The project is also monitored by LGTM and is available to public.

ESLint

Static analysis is run for every push on the master branch and every pull request on all branches in Github Actions.

For more information about ESLint, visit https://eslint.org/.

General Support

For additional support, please open a Github Discussion.

If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address [email protected].

There aren’t any published security advisories