Tell users what to do if their scanners find issues in the image #37652
Commits on Feb 23, 2024
-
Tell users what to do if their scanners find issues in the image
We often get reports with results of the image scanning sent to the security team. However, for 3rd-party CVEs which are public, this is wrong way of reporting them and our users have other ways they can either handle it, or research it or contribute back their findings back and it's not clear for them that a) they have those options b) their expectations are that Airflow security team will tell them how to clear their security scan reports, c) they do not know they should (and can) contribute back. This change restructures and clarifies the chapter that was describing it in a pretty vague way - turning it into "How to" guide for the users, explaining all the options they have and explaining what are the ways they can contribute back - also making it crystal clear what is the responsibility of the security team for it and that the community expects contributions in such cases from commercial users who want their security reports cleared, not the other way round.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.