Security Advisories
Disclosures of CVEs and security events affecting the ssg CLI, SigmaShake Fleet, and the wider platform. We publish here first.
Get notified of new advisories
Subscribe by email for direct disclosure, or follow the RSS feed. Fleet and enterprise administrators are notified automatically.
Trust-surface labeling corrections — AI-assisted review, SOC 2 readiness, and audit-log claim
SigmaShake corrected mislabeled trust-surface claims: an AI-assisted internal security review was labeled as a penetration test, SOC 2 readiness status was presented ambiguously, and a Merkle-chain claim was applied to the governance audit log which actually uses per-row Ed25519 signatures. No vulnerability, no system compromise, no customer action required.
The 1 advisory above is the complete public disclosure record. This channel will carry CVE disclosures, platform-security events, and supply-chain integrity notices as they arise.