Skip to content

Commit 70588c7

Browse files
committed
Update SECURITY.md to use GitHub for security issue reporting
On-behalf-of: SAP <marvin.beckers@sap.com> Signed-off-by: Marvin Beckers <marvin@kubermatic.com>
1 parent cbdcb1a commit 70588c7

1 file changed

Lines changed: 16 additions & 1 deletion

File tree

SECURITY.md

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,18 @@
11
# Security Process for kube-bind
22

3-
TBD
3+
## Reporting a Vulnerability
4+
5+
kube-bind uses GitHub to allow submission of private security reports. Please report any security finding via
6+
[this link](https://github.com/kube-bind/kube-bind/security/advisories/new).
7+
Maintainers will triage your report as soon as possible and get in touch with you via your report in case they have more questions.
8+
9+
As a security researcher, please report vulnerabilities to kube-bind in a [coordinated vulnerability disclosure (CVD)](https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html)
10+
fashion.
11+
12+
In return, maintainers pledge to engage in good faith and collaborate with security researchers to address and publish vulnerabilities found in kube-bind as soon as possible. We will not pursue or support legal action for good‑faith security research that adheres to this policy and avoids privacy violations, data exfiltration, or service disruption.
13+
14+
Please understand that the maintainers also do not accept results of dependency scanners without proof that the detected CVE / vulnerability can be used against kube-bind.
15+
16+
## Security Advisories
17+
18+
Advisories are managed through GitHub Security Advisories. Where applicable, we request CVE IDs via GitHub’s CNA during the advisory process and credit reporters upon release. Please visit [Security Advisories](https://github.com/kube-bind/kube-bind/security/advisories) to review security bulletins published by the maintainers.

0 commit comments

Comments
 (0)