This document outlines security policy and procedures for the CrowdStrike foundry-fn-go
project.
- Supported Go versions
- Supported CrowdStrike regions
- Supported foundry-fn-go versions
- Reporting a potential security vulnerability
- Disclosure and Mitigation Process
foundry-fn-go functionality is unit tested to run under the following versions of Go. Unit testing is performed with
every pull request or commit to main.
Version | Supported |
---|---|
>= 1.19 | |
<= 1.18 | |
foundry-fn-go is unit tested for functionality across all non-gov CrowdStrike regions.
Region |
---|
US-1 |
US-2 |
EU-1 |
When discovered, we release security vulnerability patches for the most recent release at an accelerated cadence.
We have multiple avenues to receive security-related vulnerability reports.
Please report suspected security vulnerabilities by:
- Submitting a bug.
- Starting a new discussion.
- Submitting a pull request to potentially resolve the issue. (New contributors: please review the content located here.)
- Sending an email to foundry-fn-go@crowdstrike.com.
Upon receiving a security bug report, the issue will be assigned to one of the project maintainers. This person will coordinate the related fix and release process, involving the following steps:
- Communicate with you to confirm we have received the report and provide you with a status update.
  - You should receive this message within 48 - 72 business hours.
- Confirmation of the issue and a determination of affected versions.
- An audit of the codebase to find any potentially similar problems.
- Preparation of patches for all releases still under maintenance.
  - These patches will be submitted as a separate pull request and contain a version update.
  - This pull request will be flagged as a security fix.
- Once merged, and after post-merge unit testing has been completed, the patch will be immediately published.