Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions AGENTS.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->

# AGENTS.md

Guidance for coding agents and automated tools working with Apache Knox.

## Security

For Apache Knox's security policy and how to report a vulnerability, see
[SECURITY.md](SECURITY.md). The project's security **threat model** — what Knox
trusts, the properties it upholds and disclaims, and how to triage a finding —
is in [THREAT_MODEL.md](THREAT_MODEL.md) (also linked from SECURITY.md).
35 changes: 35 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->

# Security Policy

## Reporting a Vulnerability

Please report security vulnerabilities in Apache Knox **privately** to the
Apache Security Team at **security@apache.org**, following the ASF vulnerability
handling process: <https://apache.org/security/>. Do not open public GitHub
issues or pull requests for undisclosed security reports.

## Threat Model

Apache Knox's security **threat model** — the assumptions Knox makes about its
environment and callers, the security properties it upholds, the properties it
explicitly does *not* uphold, the operator's responsibilities, and how to triage
a security report against the project — is documented in
[THREAT_MODEL.md](THREAT_MODEL.md).
Loading
Loading