Security: dagster-io/dagster

SECURITY.md

Security Policy

Reporting a Vulnerability

Dagster Labs takes the security of its products seriously. We participate in a responsible disclosure program to allow security researchers to safely report vulnerabilities.

Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.

Instead, report vulnerabilities by emailing vulnerability@dagsterlabs.com. This will open a ticket in our Bugcrowd-managed disclosure program directly — no Bugcrowd account required.

If you prefer to submit via a web form, you can also use the disclosure form on our security page.

We only accept vulnerability reports through the channels listed above. Reports submitted via third-party platforms (including Huntr) will not be monitored or actioned.

What to include in your report

Reports that do not meet these criteria may be closed without response:

  • Confirmed reproducibility — verify the issue exists on the latest released version before reporting
  • Step-by-step reproduction instructions — we should be able to reproduce the issue independently following your steps
  • Proof-of-concept code or a working exploit — reports without a PoC are unlikely to be prioritized
  • Affected component(s) — e.g., the Dagster core library, Dagster+, or a specific integration, with the version number
  • Demonstrated impact — describe what an attacker could concretely achieve, not just that a vulnerability class exists

What to expect

  • Acknowledgement: We will acknowledge receipt of your report within 2 business days.
  • Triage: We aim to confirm the vulnerability and assess its severity within 10 business days.
  • Resolution: We will keep you informed of our progress and notify you when a fix has been released. For coordinated disclosure timelines, we will work with you directly.
  • Credit: With your permission, we will acknowledge your contribution in the release notes or security advisory.

We ask that you:

  • Give us reasonable time to address the issue before any public disclosure.
  • Avoid accessing, modifying, or deleting data that does not belong to you.
  • Limit testing to your own accounts and environments.

Scope

This program covers vulnerabilities in:

  • The Dagster open-source project and all actively maintained open-source projects under the dagster-io GitHub organization
  • The Dagster+ hosted platform (dagster.cloud and dagster.plus)
  • Dagster Compass (compass.dagster.io)
  • Dagster Labs–operated APIs and web properties (dagster.io)

Out of scope:

  • Vulnerabilities in third-party dependencies that are already tracked upstream
  • Archived or unmaintained repositories under the dagster-io GitHub organization
  • Forked third-party projects hosted under the dagster-io GitHub organization
  • Denial-of-service attacks
  • Issues in customer-managed infrastructure or code (Dagster's hybrid architecture keeps customer code and data within the customer's own environment)
  • Social engineering attacks targeting Dagster Labs employees
  • Physical security issues
  • Vulnerabilities that require the attacker to already have pipeline authoring access, code execution, or the ability to define Dagster ops/assets. Dagster pipelines execute arbitrary Python by design — attacks that require writing or modifying pipeline code are not considered vulnerabilities.
  • Deserialization vulnerabilities (e.g., pickle) in components where the serialized data is produced and consumed within the same trust boundary.
  • Path traversal via pipeline-author-controlled metadata.
  • Automated scanner output without demonstrated exploitability, including:
    • Email security configuration (DMARC, SPF, DKIM)
    • Missing or misconfigured security headers (CSP, X-Frame-Options, etc.)
    • TLS/SSL cipher suites, certificate configuration, or protocol versions
    • DNS configuration issues
  • Best-practice recommendations without a concrete, demonstrated attack scenario
  • Clickjacking on pages that do not contain sensitive actions
  • Self-XSS or attacks requiring physical access to the victim's device
  • Rate limiting or brute-force issues on non-sensitive endpoints
  • Vulnerabilities on infrastructure or domains not owned or operated by Dagster Labs

Reports generated by or primarily based on automated scanning tools (e.g., Shodan, SecurityTrails, Qualys, Nessus, Burp Suite scanner) without manual validation and demonstrated impact will be closed without response.

Security architecture

Dagster+ uses a hybrid deployment model: the code you write and the data your pipelines process remain fully within your own cloud environment and are never stored or accessed by Dagster+ hosted services. For more information, see our security overview and hybrid architecture docs.

Compliance & audit reports

Dagster Labs is SOC 2 Type II certified and HIPAA compliant. To request access to audit reports or penetration test results, email trustcenter@dagsterlabs.com.

Contact

For general security questions that are not vulnerability reports, reach us at security@dagsterlabs.com.