[doc] update security doc and some (apache#2856)

Signed-off-by: tomsun28 <[email protected]>
Co-authored-by: aias00 <[email protected]>

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -53,4 +53,4 @@ body:
   validations:
     required: false
 - type: markdown
-  value: "Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/others/contributing) before submitting the PR"
+  value: "Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/community/contribution) before submitting the PR"

.github/ISSUE_TEMPLATE/task.yml

@@ -39,4 +39,4 @@ body:
 - type: markdown
   attributes:
     value: |
-      Please read the [Contribution Guideline](https://hertzbeat.com/docs/others/contributing/) before submitting the PR
+      Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/community/contribution) before submitting the PR

.github/ISSUE_TEMPLATE/volunteer.yml

@@ -30,5 +30,5 @@ body:
 - type: markdown
   attributes:
     value: |
-      Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/others/contributing/) before submitting the PR
+      Please read the [Contribution Guideline](https://hertzbeat.apache.org/docs/community/contribution) before submitting the PR
 

.github/workflows/backend-build-test.yml

@@ -40,6 +40,44 @@ on:
 
 jobs:
   backend-build:
-    uses: ./.github/workflows/backend-build-test-reuse.yml
-    secrets:
-      codecov_token: ${{ secrets.CODECOV_TOKEN }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./script/ci/github-actions/setup-deps
+
+      - name: Build with Maven
+        run: mvn clean -B package -Prelease -Dmaven.test.skip=false --file pom.xml
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/[email protected]
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          verbose: true
+
+      - name: Build Image
+        uses: docker/build-push-action@v3
+        with:
+          context: ./dist
+          file: ./script/docker/server/Dockerfile
+          push: false
+          tags: apache/hertzbeat:test
+
+      - name: Run E2E
+        run: |
+          sudo curl -L https://github.com/docker/compose/releases/download/v2.23.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
+          sudo chmod u+x /usr/local/bin/docker-compose
+          
+          cd e2e
+          sudo docker-compose version
+          sudo docker-compose up --exit-code-from testing --remove-orphans
+      
+      # upload application logs
+      - name: Upload logs & API test reports
+        uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: hz-logs-${{ github.run_id }}
+          path: |
+            e2e/logs/
+            e2e/report/
+

SECURITY.md

@@ -1,19 +1,22 @@
 # Security Policy
 
-**[Version Releases](https://github.com/apache/hertzbeat/releases)**
+Apache HertzBeat follows the [ASF vulnerability handling process](https://apache.org/security/#vulnerability-handling)
 
 ## Supported Versions
 
-Use this section to tell people about which versions of your project are
-currently being supported with security updates.
-
 | Version           | Supported          |
 |-------------------|--------------------|
 | Latest Version    | :white_check_mark: |
 | Any Other Version | :x:                |
 
 ## Reporting a Vulnerability
 
-Use this section to tell people how to report a vulnerability.
+Please do not file GitHub issues for security vulnerabilities as they are public!
+
+To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).
+
+## Extra Information  
 
-Please report vulnerability disclosures to `[email protected]`.
+- [Apache HertzBeat Security Model](https://hertzbeat.apache.org/docs/help/security_model)
+- [ASF Security](https://www.apache.org/security/)
+- [Apache HertzBeat Document](https://hertzbeat.apache.org/docs/)

home/docs/help/security_model.md

@@ -33,3 +33,11 @@ Apache HertzBeat supports users to customize collectors to personalize the colle
 ## Security Constraints in Other Customizations
 
 Apache HertzBeat provides a variety of system extension methods and custom capabilities. Users need to pay attention to the security of customizations during use. Of course, all extension capabilities need to be within the scope of authenticated users.
+
+----
+
+## Reporting a Vulnerability
+
+Please do not file GitHub issues for security vulnerabilities as they are public!
+
+To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).

home/docusaurus.config.js

@@ -153,7 +153,7 @@ module.exports = {
             },
             {
               label: 'Security',
-              href: 'https://www.apache.org/security/',
+              to: '/docs/help/security_model',
             },
             {
               label: 'Sponsorship',

home/i18n/zh-cn/docusaurus-plugin-content-docs/current/help/security_model.md

@@ -33,3 +33,11 @@ Apache HertzBeat 支持用户自定义采集器来个性化采集监控指标等
 ## 其它自定义下的安全约束
 
 Apache HertzBeat 提供多种系统扩展方式和自定义能力，用户在使用过程中需注意自定义的安全性。当然所有扩展能力都是需在认证用户范围。
+
+----
+
+## Reporting a Vulnerability
+
+Please do not file GitHub issues for security vulnerabilities as they are public!
+
+To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).