
Create Security Policy #6900

Merged
merged 7 commits into from
Mar 9, 2024

@joycebrum (Contributor) commented Feb 23, 2024

Closes #6899

Background

The security policy is a GitHub standard document that guides users and security researchers on how to safely report vulnerabilities. I've also included some guidelines for users to safely consume AutoGPT, which provide benefits for both the project and the users:

  1. the user, who will have guidelines on how to safely run AutoGPT for their application
  2. the project, which can avoid receiving false positive vulnerability reports

Changes 🏗️

Preview

I've created the SECURITY.md file considering vulnerability reporting through security advisories, which is a new GitHub feature.

If you're interested in the GitHub feature, it must be activated for the repository:

  1. Open the repo's settings
  2. Click on Code security & analysis
  3. Click "Enable" for "Private vulnerability reporting (Beta)"

If you'd rather not enable it, there is also the possibility of receiving the vulnerability report through email. In this case just let me know what the email would be and I'll submit the change.

Besides, let me know what you think about both the "Using AutoGPT Securely" and "Reporting a Vulnerability" sections.

PR Quality Scorecard ✨

  • Have you used the PR description template?   +2 pts
  • Is your pull request atomic, focusing on a single change?   +5 pts
  • Have you linked the GitHub issue(s) that this PR addresses?   +5 pts
  • Have you documented your changes clearly and comprehensively?   +5 pts
  • Have you changed or added a feature?   -4 pts
    • Have you added/updated corresponding documentation?   +4 pts
    • Have you added/updated corresponding integration tests?   +5 pts
  • Have you changed the behavior of AutoGPT?   -5 pts
    • Have you also run agbenchmark to verify that these changes do not regress performance?   +10 pts

Signed-off-by: Joyce <[email protected]>

netlify bot commented Feb 23, 2024

Deploy Preview for auto-gpt-docs ready!

Name Link
🔨 Latest commit ecb591d
🔍 Latest deploy log https://app.netlify.com/sites/auto-gpt-docs/deploys/65e7965ad526e20008a8f0b7
😎 Deploy Preview https://deploy-preview-6900--auto-gpt-docs.netlify.app

@Torantulino (Member)

Happy to get this merged with that last tweak, thank you very much for your thoughtful contribution!

@ntindle ntindle merged commit 6c18627 into Significant-Gravitas:master Mar 9, 2024
7 checks passed
Successfully merging this pull request may close these issues.

Create a Security Policy