Vulnerability Disclosure Info

Can someone point me in the right direction for whom/where I can securely disclose vulnerabilities discovered in the SonarQube product itself?

Hi, you can drop me an email or send a direct message to me through this forum.
Thanks