Skip to content
LearnNewsroom Created with Sketch.
Try OSIRIS

OSIRIS JSON Support & Security

As an open-source project, OSIRIS JSON relies on community support channels to help users deploy producers, build consumers, and leverage the specification. This guide explains how to ask questions, report bugs, and privately submit security concerns.


Before opening a bug report or requesting support, please check if your question has already been answered:

GitHub Discussions (Q&A & Ideas)

For architectural questions, implementation advice, how-to guides, and early feature feedback.

Go to GitHub Discussions

GitHub Issues (Specification)

For reporting reproducible bugs in the core schema, architectural guidelines and the OSIRIS JSON Specification.

Open a GitHub Issue

GitHub Issues (Documents)

For reporting reproducible bugs in this documentation repository that include also docs.osirisjson.org website.

Open a GitHub Issue

GitHub Issues (Producers)

For reporting reproducible bugs in the the OSIRIS JSON Producers and relative documentation.

Open a GitHub Issue


To help maintainers diagnose and resolve issues quickly, please include the following details in your GitHub Issue:

  1. Clear Description: Describe what happened and what you expected to happen instead.
  2. Affected Version: Specify the version of the OSIRIS schema (e.g., v1.0.0) or the CLI tool version (osirisjson-producer azure --version).
  3. Reproduction Steps: List the exact commands run or steps taken to trigger the bug.
  4. Sanitized Input: Provide a minimal, sanitized OSIRIS JSON snippet that reproduces the issue.
  5. System Context: Include details about your operating system, Go version (if compiling from source), and CLI environment.

The OSIRIS JSON project takes the security of its schemas, producer SDKs, and tooling seriously. If you suspect a vulnerability, do not file a public GitHub issue or post in discussions.

Suspected vulnerabilities should be reported privately using one of the following channels:

  1. GitHub Security Advisory (Preferred): Open a private advisory report through the GitHub interface:
    Open a Private Security Report
  2. Email: Send your assessment directly to:
    community@osirisjson.org

Please provide:

  • A description of the vulnerability and its potential impact (confidentiality, integrity, availability).
  • The specific package, SDK function, or CLI binary affected.
  • Step-by-step instructions or a minimal proof of concept (PoC) script.
  • Any known mitigations or workarounds.

We aim to acknowledge receipt of all private security reports within 3 business days and provide an initial assessment within 7 business days. Fixes will be coordinated and released in patches before public disclosures are published.