Security is fundamental for Glob.AI OS, and it is carefully integrated across all core components, as well as every solution built using them.
If you detect a vulnerability, you can report it as a "vulnerability" using the contact information described in Glob.AI OS Support and Contact Information.
Please ensure your report includes the specific software version used and a detailed set of reproduction steps.
We will look into the matter and take appropriate corrective action as needed, which may include releasing a fix or providing a workaround, depending on the specific circumstances of each case (severity, version in which the issue is reported or occurs, etc.).
Relevant fixes or features added to the Glob.AI OS will be published as part of our official documentation (available in the Glob.AI OS Releases Notes).
There are many tools that analyze code and report "findings"; that is, areas of possible attack (SAST).
These findings do not confirm the existence of a specific vulnerability (despite being improperly labeled as a detected vulnerability), but rather indicate that certain code is "suspected of being vulnerable." Additionally, detection capabilities vary across tools, and multiple executions of the same tool on the same solution may yield inconsistent results.
Globant regularly runs analyzers that report this type of finding and analyzes the results. Therefore, we prioritize validated vulnerability reports over raw automated findings. A valid report describes a specific, reproducible vulnerability that a security specialist could leverage to execute a successful attack. Once a vulnerability is confirmed, Globant acts immediately to implement a fix.