Pactflow uses the following tools to ensure the On-Premises image is kept as secure as possible.
- Bundler Audit
- NPM audit
- Quay Security Scanner
- Amazon ECR Image scanning

To report a vulnerability, please email us at email@example.com and include the relevant CVE and the name and/or path of the vulnerable component.

This is a CSRF vulnerability during sign-in.
This vulnerability is mitigated in code. Pactflow uses a POST request method with a CSRF token for the initial request to the IDP, as per the instructions here.
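
The mitigation described above (sign-in can only be started by a POST that carries a valid CSRF token) is shown here as an added Ruby example. It is not Pactflow's code, and the handler name, the `authenticity_token` parameter and the IdP URL are assumptions.

```ruby
require "securerandom"
require "stringio"
require "uri"

# Assumed names: none of these come from Pactflow.
IDP_URL = "https://idp.example.com/authorize" # placeholder IdP endpoint
TOKEN_PARAM = "authenticity_token"

# Issue a per-session token; the sign-in form embeds it as a hidden field.
def issue_csrf_token(session)
  session[:csrf] ||= SecureRandom.urlsafe_base64(32)
end

# Constant-time comparison so the check does not leak matching prefixes.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Rack-style handler for the request that starts the redirect to the IdP.
def start_sign_in(env)
  session = env["rack.session"] ||= {}
  # A GET can be triggered cross-site by a link or image tag, so refuse it.
  unless env["REQUEST_METHOD"] == "POST"
    return [405, { "allow" => "POST" }, ["Sign-in must be started with POST\n"]]
  end
  begin
    form = URI.decode_www_form(env["rack.input"].read).to_h
  rescue ArgumentError
    return [400, {}, ["Malformed form body\n"]]
  end
  # The token in the form must match the one stored in this user's session.
  unless secure_equal?(session[:csrf], form[TOKEN_PARAM])
    return [403, {}, ["Invalid CSRF token\n"]]
  end
  session.delete(:csrf) # single use: a replayed form post is rejected
  [302, { "location" => IDP_URL }, []]
end

# Constructed request environment for trying the handler offline.
def sample_request(method, body, session)
  { "REQUEST_METHOD" => method,
    "rack.input" => StringIO.new(body),
    "rack.session" => session }
end
```
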