At Spacelift, your security is our first and foremost priority. We run this program to prove and maintain this trust and to keep Spacelift secure. If you have information about a qualified security vulnerability that is within our predetermined scope, we would love to hear from you!
Submit reportThe Spacelift bug bounty program accepts vulnerability reports containing original and validated in-scope vulnerabilities that a potential attacker could use to compromise the confidentiality, integrity, and or availability of the Spacelift application. By participating in the Spacelift bounty program, you agree to follow all of the program rules. We look forward to working with you to find security vulnerabilities in order to keep our businesses and customers safe. We’ll try to keep you informed about our progress throughout the process.
We offer a reward for every report of a security problem that was not yet known to us. The amount of the reward will be determined based on the severity of the leak and the quality of the report. Our rewards are based on severity per CVSS v3.0 (the Common Vulnerability Scoring Standard). Please note these are general guidelines and that reward decisions are up to the discretion of Spacelift.
Bounty
Hall of Fame
low
up to
100
medium
up to
500
high
up to
1,200
critical
up to
3,000
Reward amounts are based on:
You can check our documentation here.