GitHub's bots crawl nativelink to detect security vulnerabilities wherever possible.

TraceMachina and the nativelink authors place a high emphasis on fixing any vulnerabilities. Please send a report if something doesn't look right.

At the moment no version of nativelink is officially supported. Consider using the latest commit on the main branch until official production binaries are released.

Prefer reporting vulnerabilities via GitHub.

If you'd rather communicate via email please contact [email protected], [email protected], [email protected] or [email protected].

See Advisories for publicly disclosed vulnerabilities.