Please use the Private vulnerability reporting in the security tab to report a vulnerability in Assemblyline. We take security very seriously and will address it as soon as possible.

Note: Vulnerabilities raised should take into context that Assemblyline is distributed as containerized software. Running the software without any containerization in a production scenario is outside of the expected use and guidelines mentioned in our documentation.

Any report ignoring normal deployment procedures may be closed without warning by a member of the development team.