Understand our ongoing commitment to security.

Report a Security Concern

Our Commitment

At Gruntwork, we understand the critical importance of security, both with respect to our customers’ information, as well as the infrastrucuture our customers build using our IaC library. Gruntwork is firmly committed to ensuring the security of its customers and users by protecting their information.

See below for a list of our security policies, or subscribe to our RSS feed or security mailing list to stay up to date on policy changes and security news.

Security Policies

Security Updates

  • Subscribe to our security mailing list. All Gruntwork subscribers receive notifications related to security releases, vulnerabilities, disclosures, and related security news via our mailing list. Subscribe to our security mailing list to receive these updates.
  • Get policy updates programmatically. Subscribe to our policy RSS feed to be notified when we release updates to our security policies. Note that you may need to cut and paste the RSS URL into your favorite RSS Feed Reader to monitor updates.
  • View recent policy updates. View changes to our legal and security policies. This is a human-friendly rendering of our RSS feed.

Report a Vulnerability

We accept vulnerability reports via Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.

We do not support PGP-encrypted emails. For particularly sensitive information, please reach out to to discuss before sending over.

For more information, please see our Vulnerability Disclosure Policy.