Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* docs: Add security policy * docs: Add security policy * docs: Add security policy
Showing 2 changed files with 32 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,7 @@ | |
aeece | ||
Artifactory | ||
bacd | ||
CVE | ||
credref | ||
DEBU | ||
DEBU | ||
|
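Review bot: the `CVE` entry sits above `credref`, but the neighbouring entries (`aeece`, `Artifactory`, `bacd`) read as sorted case-insensitively, which would place `CVE` after `credref`. If this word list is kept sorted, move the entry down one line so a later re-sort does not produce an unrelated diff.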
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Security Policy for Argo CD Image Updater | ||
|
||
Version: **v1.0 (2022-03-25)** | ||
|
||
## Supported Versions | ||
|
||
We currently only support the most recent release. Please do not report issues | ||
for older versions if they do not reproduce in the latest release. | ||
|
||
## Reporting a Vulnerability | ||
|
||
Please report issues with our container image directly on the GitHub tracker | ||
if the issue has already been assigned a CVE. | ||
|
||
If you find a security related bug in Argo CD Image Updater, we kindly ask you | ||
for responsible disclosure and for giving us appropriate time to react, analyze | ||
and develop a fix to mitigate the found security vulnerability. | ||
|
||
We will do our best to react quickly on your inquiry, and to coordinate a fix | ||
and disclosure with you. Sometimes, it might take a little longer for us to | ||
react (e.g. out of office conditions), so please bear with us in these cases. | ||
|
||
We will publish security advisories using the | ||
[Git Hub Security Advisories](https://github.com/argoproj-labs/argocd-image-updater/security/advisories) | ||
feature to keep our community well informed, and will credit you for your | ||
findings (unless you prefer to stay anonymous, of course). | ||
|
||
Please report vulnerabilities by e-mail to the following address: | ||
|
||
* jann@mistrust.net | ||
|
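Review bot: the only private reporting channel, at the end of "Reporting a Vulnerability", is a single personal mailbox with no encryption key and no fallback contact, and the policy itself warns of "out of office conditions", so a report can sit unread with nobody else aware of it. Consider listing a second maintainer or a shared alias and publishing a PGP key fingerprint next to the address. The section also opens with the public-tracker instruction for container image issues that already have a CVE, and only gets to the e-mail address at the bottom; a reporter skimming the top may file an undisclosed bug publicly, so put the private channel first and the public-tracker exception after it. "appropriate time to react" leaves the disclosure window undefined; stating a number of days gives both sides something to coordinate against. Small fix: the link text "Git Hub Security Advisories" should read "GitHub Security Advisories".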