Chassis / puppet-wp

This module enables the easy use of WP CLI to control your WordPress site through Puppet manifests.
https://chassis.github.io/puppet-wp/
GNU Lesser General Public License v3.0

Potential security code smells #153

Open danielfobooss opened 2 years ago

danielfobooss commented 2 years ago

Hi! I'm building a linter to detect security vulnerabilities for Puppet scripts. Our linter found some smells that might lead to vulnerabilities such as weak passwords and hard-coded secrets. It would be important to get your feedback since you have more context on the application than we do. How can we discuss this in private? I didn't find any vulnerability disclosure guidelines. Thanks!

BronsonQuick commented 2 years ago

Hey @danielfobooss! Thanks for touching base about this. We've published this package for spinning up local development VMs and it's not intended for production use. However, if you think it's worth chatting about further you can email me. Thanks!