Skip to content

Security: VictoriaMetrics/VictoriaLogs

Security

SECURITY.md

Security Policy

Supported Versions

The following versions of VictoriaLogs receive regular security fixes:

Version Supported
latest release
other releases

See this page for more details.

Software Bill of Materials (SBOM)

Starting with v1.48.0, every container image published to docker.io and quay.io includes an SPDX SBOM attestation generated by BuildKit during docker buildx build.

Inspecting the SBOM

docker buildx imagetools inspect \
  victoriametrics/victoria-logs:<tag> \
  --format "{{ json .SBOM }}"

Scanning with Trivy

trivy image --sbom-sources oci \
  victoriametrics/victoria-logs:<tag>

Reporting a Vulnerability

Please report any security issues to security@victoriametrics.com

There aren't any published security advisories