Vulnerability Handling

We have two different processes for handling security reports. In both, engineers always triage the reports within 24 hours so that we can act on them promptly if needed.

Process 1: Manual Security Reports

Security reports sent to security@langfuse.com are forwarded to Plain.com (our support tool), where an engineer is auto-assigned to triage and create a Linear ticket.

Process 2: Automated Vulnerability Detection

All Langfuse repositories have Dependabot and Snyk enabled. Vulnerabilities are automatically reported to GitHub, which sends webhooks to Make.com to create Linear tickets and auto-assign them to the respective engineer.
