Skip to content

Commit 9062060

Browse files
committed
Update SECURITY.md to use GitHub for security issue reporting
On-behalf-of: SAP <marvin.beckers@sap.com> Signed-off-by: Marvin Beckers <marvin@kubermatic.com>
1 parent cbdcb1a commit 9062060

1 file changed

Lines changed: 15 additions & 1 deletion

File tree

SECURITY.md

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,17 @@
11
# Security Process for kube-bind
22

3-
TBD
3+
## Reporting a Vulnerability
4+
5+
kube-bind uses GitHub to allow submission of private security reports. Please report any security finding via
6+
[this link](https://github.com/kube-bind/kube-bind/security/advisories/new).
7+
Maintainers will triage your report as soon as possible and get in touch with you via your report or via email in case they have more questions.
8+
9+
As a security researcher, please report vulnerabilities to kube-bind in a [coordinated vulnerability disclosure](https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html)
10+
fashion. In return, maintainers pledge to engage in good faith and collaborate with security researchers to address and publish vulnerabilities found in kube-bind as soon as possible.
11+
12+
Please understand that the maintainers also do not accept results of dependency scanners without proof that the detected CVE / vulnerability can be used against kube-bind.
13+
14+
## Security Advisories
15+
16+
Advisories are managed through GitHub. Public disclosure of vulnerabilities happens through GitHub.
17+
Please visit [Security Advisories](https://github.com/kube-bind/kube-bind/security/advisories) to review security bulletins published by the maintainers.

0 commit comments

Comments
 (0)