Goblet's default configuration is unsafe for multi-tenant deployments with private repositories.
Default cache keys include only the repository URL, not the identity of the requesting user. As a result, any authenticated user can be served cached data from a private repository that a different user fetched earlier, without the upstream permission check being repeated.
Severity: Critical (CVSS 8.1)
Impact: Private repository data leakage between users/tenants
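To make the cache-key problem concrete, the following is an added Go model (not Goblet's own code) of a caching proxy with two key derivations: the URL-only scheme described above, and a hypothetical per-principal scheme for comparison. The repository URL, the principals alice and bob, and the packed data are constructed; `Leaks` replays the advisory's scenario and reports whether an unauthorised user is served another user's cached data.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// KeyFunc derives the cache key for a request by the named principal.
type KeyFunc func(repoURL, principal string) string

// URLOnlyKey models the unsafe default described above: the key depends on the
// repository URL alone, so every authenticated user maps to the same entry.
func URLOnlyKey(repoURL, _ string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(repoURL)))
}

// PerPrincipalKey is a hypothetical hardening (not Goblet's own code): the
// requesting identity is mixed into the key, so users never share an entry.
func PerPrincipalKey(repoURL, principal string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(principal+"\x00"+repoURL)))
}

// Constructed scenario: one private repository that only alice may read.
const privateRepo, privateData = "https://git.example.invalid/acme/secrets.git", "PACK...acme-secrets"

// upstream stands in for the git host, which enforces permissions itself.
func upstream(repoURL, principal string) (string, bool) {
	if repoURL == privateRepo && principal == "alice" {
		return privateData, true
	}
	return "", false
}

// fetch serves a cache hit without consulting upstream, so the host's
// permission check is bypassed whenever the key is too coarse.
func fetch(cache map[string]string, key KeyFunc, repoURL, principal string) (string, bool) {
	k := key(repoURL, principal)
	if data, hit := cache[k]; hit {
		return data, true
	}
	data, ok := upstream(repoURL, principal)
	if ok {
		cache[k] = data
	}
	return data, ok
}

// Leaks reports whether bob (unauthorised) receives alice's data after alice
// has warmed the cache, for the given key derivation.
func Leaks(key KeyFunc) bool {
	cache := map[string]string{}
	fetch(cache, key, privateRepo, "alice")
	data, ok := fetch(cache, key, privateRepo, "bob")
	return ok && data == privateData
}
```

With `URLOnlyKey`, bob's request hits the entry alice populated and upstream is never asked; with `PerPrincipalKey`, bob's request misses, reaches upstream, and is refused.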
✅ Your deployment is SAFE if:
- Single user or service account per Goblet instance
- Only public repositories accessed
- Using sidecar pattern (one instance per workload)
🚨 Your deployment is AT RISK if:
- Multiple users share a Goblet instance
- Users access private repositories with different permissions
- Multi-tenant SaaS, Terraform Cloud, or security scanning scenarios
Deploy one Goblet instance per workload. No code changes required:
```shell
kubectl apply -f examples/kubernetes-sidecar-secure.yaml
```

Complete guide: docs/security/multi-tenant-deployment.md
- Security Overview: docs/security/README.md
- Isolation Strategies: docs/security/isolation-strategies.md
- Deployment Guide: docs/security/multi-tenant-deployment.md
Do not open public GitHub issues for security vulnerabilities.
Email: security@example.com
Include:
- Description of vulnerability
- Steps to reproduce
- Affected versions
- Suggested remediation (optional)
We follow a 90-day coordinated disclosure policy.
Security updates are published in:
- CHANGELOG.md
- GitHub Security Advisories
- Security mailing list (subscribe at security@example.com)
| Version | Security Support |
|---|---|
| 2.x | ✅ Full support |
| 1.x | |
| < 1.0 | ❌ Not supported |
- Never share Goblet instances across tenants without isolation
- Always use TLS for production deployments
- Enable audit logging for compliance requirements
- Review security documentation before deploying
- Monitor for unauthorized access attempts
Last Updated: 2025-11-07