Security is important.

Reporting a vulnerability

Please follow these guides to report a vulnerability privately:

• MUI Core https://github.com/mui/material-ui/security/policy
• MUI X https://github.com/mui/mui-x/security/policy
• MUI Toolpad https://github.com/mui/mui-toolpad/security/policy

External audits

securityscorecards.dev

This automation runs the following checks: https://github.com/ossf/scorecard/tree/main#checks-1.

Reports for MUI Core are published https://github.com/mui/material-ui/security/code-scanning (private). The public details of the score: https://api.securityscorecards.dev/projects/github.com/mui/material-ui.

https://img.shields.io/ossf-scorecard/github.com/mui/material-ui?label=openssf scorecard&style=flat

The same tools is used for the other repositories:

• Reports for MUI X are published https://github.com/mui/mui-x/security/code-scanning (private), the public details of the score: https://api.securityscorecards.dev/projects/github.com/mui/mui-x.
• Reports for MUI Toolpad are published at https://github.com/mui/mui-toolpad/security/code-scanning (private), the public details of the score: https://api.securityscorecards.dev/projects/github.com/mui/mui-toolpad.

CodeQL

CodeQL runs SAST (Static Application Security Testing) on the codebase. The reports for MUI Core are published at https://github.com/mui/material-ui/security/code-scanning (private).

The same tools are used for the other repositories:

• MUI X: https://github.com/mui/mui-x/security/code-scanning (private)
• MUI Toolpad: https://github.com/mui/mui-toolpad/security/code-scanning (private)

securityscorecard.io