Vulnerability Handling

We have two different processes for handling security reports. In both, engineers always triage a report within 24 hours so that we can act on it promptly if needed.

Process 1: Manual Security Reports

Security reports sent to security@langfuse.com are forwarded to Pylon (our support tool), where an engineer is auto-assigned to triage and create a Linear ticket.

Flow: Security Researcher/Customer/Team → security@langfuse.com → Forward to Pylon (Support Tool) → Engineer Auto-Assigned → Engineer Triages → Engineer Creates Linear Ticket (Vulnerability Dashboard)

Process 2: Automated Vulnerability Detection

All Langfuse repositories have Dependabot and Snyk enabled. Vulnerabilities are automatically reported to GitHub, which sends webhooks to Make.com to create Linear tickets and auto-assign them to the respective engineer.

Flow: Code Repositories (SDK Repository, Other Repository) → Dependabot / Snyk → GitHub Security Alerts → Webhook to Make.com → Linear Ticket (Vulnerability Dashboard) → Route by Repository Type, then either Auto-assign to SDK Engineer → Engineer Triages, or Auto-assign to Product Engineer → Engineer Triages
