Security Advisories

Security Advisories

Disclosures of CVEs and security events affecting the ssg CLI, SigmaShake Fleet, and the wider platform. We publish here first.

Get notified of new advisories

Subscribe by email for direct disclosure, or follow the RSS feed. Fleet and enterprise administrators are notified automatically.

Informational SSA-2026-0001 June 11, 2026

Trust-surface labeling corrections — AI-assisted review, SOC 2 readiness, and audit-log claim

SigmaShake corrected mislabeled trust-surface claims: an AI-assisted internal security review was labeled as a penetration test, SOC 2 readiness status was presented ambiguously, and a Merkle-chain claim was applied to the governance audit log which actually uses per-row Ed25519 signatures. No vulnerability, no system compromise, no customer action required.

The 1 advisory above is the complete public disclosure record. This channel will carry CVE disclosures, platform-security events, and supply-chain integrity notices as they arise.