Report a bug

We care about the quality of our software and we ask for your cooperation to make it better day by day.

Generic Issues

Open-Source users

If you identified an unexpected behaviour which cannot be abused to compromise the security of the software, please submit an issue on GitHub.

We welcome the contribution of proposed fixes and PRs.
Our development team will assign a priority to your report and we will release an update including the fix as soon as possible.

If the bug you identified has security implications, please keep reading.

Singularity Pro customers

Before every release, Singularity Pro undergoes extensive testing and QA. Occasionally, in some specific corner cases and rare situations, problems may still arise.

Use the contact form or email us at support@sylabs.io to describe the problem you encountered in detail. We will get back to you within 48 hours.


Security Reports

We take security very seriously. Our goal is to provide Singularity and Singularity Pro users with the best possible assistance regarding any issue that might affect the security of their systems.

 

We care

The Singularity team values the members of the security research community who find security vulnerabilities and cooperate so that security fixes can be issued to all users in a timely manner and without leaving windows of exposure to attacks.

How to submit

If you believe you have discovered a vulnerability in Singularity or Singularity Pro, notify our team either:

  • via email: security -at- sylabs.io (PGP key)
  • via web: fill in the form on the right.

We encourage people who contact the Singularity Security team to use email encryption. Get our PGP public key and verify the fingerprint:

0x0EEDA03B2CF74611AE99A09FB20868209CA9540F


Notification & Policy

Users of Singularity Open-Source are notified of new security issues on the Singularity Google Group.

Singularity Pro customers receive information about security flaws that affect Sylabs products and services in the form of security advisories sent to the dedicated Sylabs Security mailing-list.

Sylabs does not provide advance notification of private security issues to partners or customers, or inform them that an investigation is underway for such issues.

For issues already in the public domain, we may notify our partners, customers, or other organizations about our response process or investigations.

Credit

Our policy is to credit all researchers in the announcement of the vulnerability after a security update has been published.
In order to receive credit, security researchers must follow responsible disclosure practices, including:

  • the vulnerability is not published until Sylabs releases a new version of Singularity which fixes it
  • no details of the issue including, for example, working or proof-of-concept exploits, are divulged