Add a draft security threat model (THREAT_MODEL.md) + SECURITY.md + discoverability wiring #12421
Open
potiuk wants to merge 2 commits into
…iscoverability wiring Generated-by: Claude Code
…nore apache-rat 0.13 (still used by some PMC repos) does not recognise the short SPDX identifier, and newer RAT flags the .ratignore file itself. Switching the generated THREAT_MODEL.md / SECURITY.md / AGENTS.md to the full AL-2.0 header (HTML comment) makes them pass the license check on every RAT version, so the .ratignore exemption is no longer needed. Generated-by: Claude Code
elharo reviewed Jul 4, 2026
| - *(inferred)* — reasoned from Maven's architecture, domain knowledge, or the absence of a feature; **not yet confirmed.** Each *(inferred)* tag names the §14 question that must ratify it, e.g. *(inferred, Q5)*. | ||
| - **Draft confidence:** ~26 documented / 0 maintainer / ~59 inferred. This is a react-to-me draft, not a ratified model — the heavy *(inferred)* weighting is expected for a v0 the PMC has not yet reviewed. | ||
|
|
||
| **What Maven is.** Apache Maven is a build-automation and dependency-management tool for JVM projects. Given a project description in `pom.xml` (the Project Object Model), Maven resolves declared dependencies and build **plugins** from configured **repositories** into a local repository (`~/.m2/repository`), then executes a lifecycle of plugin goals — compiling, testing, packaging, signing, and deploying code. Plugins and build **extensions** are ordinary JVM artifacts that Maven downloads and executes **as arbitrary code in the build JVM**. Maven is invoked from the CLI (`mvn`, or the `mvnd` daemon, or a project-local `mvnw` wrapper) by a developer or a CI runner. Its security model is therefore fundamentally a **supply-chain and arbitrary-code-execution** model, and — by explicit design — Maven does not sandbox the code it is asked to build or the plugins it is asked to run. |
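Review bot: The last sentence of the "What Maven is" paragraph asserts that Maven "by explicit design" does not sandbox the code it builds or the plugins it runs, yet it carries no provenance tag, even though the legend two lines above says inferred claims name the §14 question that must ratify them and the draft counts 0 maintainer-confirmed claims. Because the rest of the model rests on this statement, tag it explicitly: cite the public document it comes from if it is documented, or mark it *(inferred, Qn)* so the PMC ratifies it by number. The same paragraph lists `mvn`, `mvnd` and `mvnw` as interchangeable entry points; state whether all three are in scope of the model.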
Contributor
This is true, though thinking about it now I wonder if we should do better than that?
|
|
||
| **The 3.x-vs-4.x axis (carried on this table).** Maven is mid-transition. Most plugin `master` branches still compile and run against the **Maven 3.9.x** API; seven "split" plugins have moved `master` to the **Maven 4** API and keep a `*-3.x` maintenance branch on the 3.9.x API. The runtime line changes the trust surface (consumer-POM transform, `mvnenc`, resolver 2.x, `mvnup` — all Maven-4-only; see §6/§9). Each branch-target is therefore tagged with the **Maven API line** it targets, and a finding is triaged against **that** line's surface. | ||
|
|
||
| | # | Repository / component | Branch-target(s) | Maven API line | Touches outside process | In model? | |
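Review bot: The count in "seven "split" plugins" in the 3.x-vs-4.x paragraph is hard-coded in prose while the table that follows carries the per-repository branch-targets, so the two will drift as further plugins move `master` to the Maven 4 API. Either drop the number or name the seven plugins so the claim can be checked against the table rows. The column header "Touches outside process" is also undefined at this point; a one-line legend saying what counts (for example network, filesystem or spawned processes) would make the "In model?" decisions reproducible.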
Contributor
Looks like quite a few are missing from this table including:
- maven-war-plugin
- maven-ear-plugin
Probably others. Are non-plugins in scope here? If so, then also maven-filtering, maven-shared-utils, and maven-archiver. And I don't recall the current repos, but all the doxia stuff.
This is a proposal for the Maven PMC to review — please correct, reject, or discuss as needed. The PMC owns the document; nothing here is a requirement.
This adds a draft umbrella `THREAT_MODEL.md` for the Apache Maven family, a `SECURITY.md` (apache/maven doesn't currently have one — the model has lived only on maven.apache.org/security.html), and an `AGENTS.md` wiring `AGENTS.md -> SECURITY.md -> THREAT_MODEL.md` so an automated scanner can mechanically discover it. Path 3 as agreed on the list (we draft the v0, the PMC reviews).

Generated from Maven's public artefacts (`security.html`, the Maven 4 docs, the repos) via the `threat-model-producer` rubric. Provenance-tagged throughout; every (inferred) claim routes to a numbered §14 question (20 of them).

Per the two asks from the list it carries:

`mvnup`, the reworked `mvnenc` encryption, and the resolver changes.

The load-bearing call the model makes (please confirm): §9 states that no build/plugin sandbox exists — arbitrary code execution during a build is BY DESIGN, and §11a lists that (plus "deployed POM != source POM", dependabot alerts on test-scope deps, etc.) as known non-findings, so a scan doesn't report Maven's core behaviour as vulnerabilities.

What's most useful from the PMC: walk the §14 questions and confirm / correct / strike each in-thread — a one-line each is enough. We fold the answers in, then open the per-repo `AGENTS.md -> SECURITY.md` pointer PRs across the rest of the scope once the model shape is agreed.

Context: the ASF Security team is preparing projects for an automated agentic security scan we're piloting; discoverability is the one hard prerequisite. This PR only adds files — it edits no existing content.