The Open MCT team secures our code base using a combination of code review, dependency review, and periodic security reviews. Static analysis performed during automated verification additionally safeguards against common coding errors which may result in vulnerabilities.

For general defects, please for a Bug Report

To report a vulnerability for Open MCT please send a detailed report to arc-dl-openmct.

See our top-level security policy for additional information.

The CodeQL GitHub Actions workflow is available to the public. To review the results, fork the repository and run the CodeQL workflow.

CodeQL is run for every pull-request in GitHub Actions.

The project is also monitored by LGTM and is available to public.

Static analysis is run for every push on the master branch and every pull request on all branches in Github Actions.

For more information about ESLint, visit https://eslint.org/.

For additional support, please open a Github Discussion.

If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov.