Please report security issues privately through GitHub's private vulnerability reporting (repository Security tab → Report a vulnerability). This keeps the report confidential until a fix is available.

Do not open a public issue or pull request for a suspected vulnerability.

Include, where possible: the affected version, the command(s) the exporter was running, and the steps to reproduce. Reports are acknowledged and triaged on a best-effort basis.

Only the latest release receives security fixes. This project is not actively maintained for Slurm 25.11+, which natively supports OpenMetrics for Prometheus — see sckyzo/slurm_prometheus_exporter for new deployments.

Released binaries and container images carry signed provenance (cosign keyless), signed checksums, and CycloneDX SBOMs. Verification recipes are in the Security & supply chain section of the README and in docker/README.md.