To report a security vulnerability in Apache Spark, follow the ASF security process at https://www.apache.org/security/. Reports can be sent privately to security@apache.org or to private@spark.apache.org.

Apache Spark's security guidance for operators — covering authentication, encryption, access control, Kerberos integration, trust boundaries, environmental assumptions, security properties provided and not provided, and downstream operator responsibilities — is documented at:

https://spark.apache.org/docs/latest/security.html

Automated security scanning agents should consult that document for the project's in-scope / out-of-scope declarations before reporting issues.