Merge pull request #57 from catenax-ng/ver-2.1.0

[chore|sde-v2.1.0]Update SECURITY.md and trivy image scan workflow updated.
eclipse-tractusx · Sep 4, 2023 · 92e8191 · 92e8191
2 parents 4a71c04 + 31f36ab
commit 92e8191
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -71,7 +71,7 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           # Path to Docker image
-          image-ref: "ghcr.io/catenax-ng/tx-managed-simple-data-exchanger-backend:latest"
+          image-ref: "tractusx/managed-simple-data-exchanger-backend:latest"
           format: "sarif"
           output: "trivy-results.sarif"
           exit-code: "1"

diff --git a/SECURITY.md b/SECURITY.md
@@ -2,5 +2,18 @@
 
 ## Reporting a Vulnerability
 
-Please report a found vulnerability here:
-[https://www.eclipse.org/security/](https://www.eclipse.org/security/)
+Please do **not** report security vulnerabilities through public GitHub issues.
+
+Please report vulnerabilities to this repository via **GitHub security advisories** instead.
+
+__How?__ Inside affected repository --> security tab
+
+for contributor:
+--> Report a vulnerability
+
+for committer:
+--> advisories --> New draft security advisory
+
+In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/
+
+See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability).