docs: Add security policy (#408)

* docs: Add security policy * docs: Add security policy * docs: Add security policy
argoproj-labs · Mar 25, 2022 · 7057d0c · 7057d0c
1 parent 877ff08
commit 7057d0c
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -2,6 +2,7 @@
 aeece
 Artifactory
 bacd
+CVE
 credref
 DEBU
 DEBU

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy for Argo CD Image Updater
+
+Version: **v1.0 (2022-03-25)**
+
+## Supported Versions
+
+We currently only support the most recent release. Please do not report issues
+for older versions if they do not reproduce in the latest release.
+
+## Reporting a Vulnerability
+
+Please report issues with our container image directly on the GitHub tracker
+if the issue has already been assigned a CVE.
+
+If you find a security related bug in Argo CD Image Updater, we kindly ask you
+for responsible disclosure and for giving us appropriate time to react, analyze
+and develop a fix to mitigate the found security vulnerability.
+
+We will do our best to react quickly on your inquiry, and to coordinate a fix
+and disclosure with you. Sometimes, it might take a little longer for us to
+react (e.g. out of office conditions), so please bear with us in these cases.
+
+We will publish security advisories using the
+[Git Hub Security Advisories](https://github.com/argoproj-labs/argocd-image-updater/security/advisories)
+feature to keep our community well informed, and will credit you for your
+findings (unless you prefer to stay anonymous, of course).
+
+Please report vulnerabilities by e-mail to the following address:
+
+* jann@mistrust.net
+