Add security.md #1627

Merged
merged 7 commits into from
Sep 3, 2024
17 changes: 17 additions & 0 deletions SECURITY.md
@@ -0,0 +1,17 @@
# Reporting of Security Issues

The devfiles team takes immediate action to address security-related issues involving devfile projects.

Note, that normally we try to fix issues found for the latest releases of our projects. Backport fixes will be made only for exceptional cases, if the team has identified the need to do so.

## Reporting Process

When a security vulnerability is found, it is important to not accidentally broadcast publicly that the issue exists to avoid potential exploits. The preferred way of reporting security issues in Devfiles is listed below.

## Contact Us

An email to <a href="mailto:[email protected]">[email protected]</a> is the preferred mechanism for outside users to report security issues. A member of the devfile team will open the required issues and keep you up-to-date about the status of the issue.

## What To Avoid

Do not open a public issue, send a pull request, or disclose any information about the suspected vulnerability publicly, **including in your own publicly visible git repository**.
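
Review bot: The "Reporting Process" section says the preferred way of reporting "is listed below" but has no content of its own; the actual channel only appears under the separate "Contact Us" heading. Consider merging the two sections and stating what a report should contain (affected project and version, reproduction steps, observed impact) so the team can triage without a round trip. "Keep you up-to-date about the status" also gives the reporter no timeframe, and the opening line's "takes immediate action" is a commitment with nothing behind it; an acknowledgement window would make both concrete. Since email is the only channel named, it is also worth saying whether reporters can encrypt sensitive details or use GitHub's private vulnerability reporting instead. Minor: "Note, that normally" should drop the comma.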