SECURITY.md
Lines changed: 16 additions & 1 deletion
@@ -2,5 +2,20 @@
2
2
3
3
## Reporting a Vulnerability
4
4
5
-
Please go to [Security Advisories](https://github.com/com-pas/compas-open-scd/security/advisories) to privately report a security vulnerability,
5
+
Please go to [Security Advisories](https://github.com/com-pas/compas-open-scd/security/advisories) to privately report a security vulnerability,
6
6
our contributors will try to respond within a week of your report with a rough plan for a fix and new tests.
7
+
8
+
## Verifying Docker images
9
+
10
+
Docker images published by this project are signed using [Cosign](https://github.com/sigstore/cosign) keyless signing via [Sigstore](https://www.sigstore.dev/). Signatures are recorded in the public [Rekor](https://rekor.sigstore.dev/) transparency log — no private key is stored or required.
11
+
12
+
To verify an image, install Cosign ([instructions](https://docs.sigstore.dev/cosign/system_config/installation/)) and run:
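Review bot: the paragraph added at new line 10 says images are signed keylessly, but the visible text never names the signer identity a verifier should expect. With keyless signing, a valid signature and Rekor entry only show that some OIDC identity signed the image, so verification is meaningful only when `cosign verify` is constrained with `--certificate-identity` (or `--certificate-identity-regexp`) and `--certificate-oidc-issuer`. Suggest stating both expected values in the prose and checking that the command following "and run:" at new line 12 pins them. A smaller wording point on the same line: "no private key is stored or required" would be more precise as "no long-lived private key", since keyless signing still uses an ephemeral key bound to a short-lived certificate. Line 5 is removed and re-added with the same visible text; if that is a whitespace-only change, consider dropping it from the commit.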