forked from apache/airflow
-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Tell users what to do if their scanners find issues in the image (apa…
…che#37652) We often get reports with results of the image scanning sent to the security team. However, for 3rd-party CVEs which are public, this is wrong way of reporting them and our users have other ways they can either handle it, or research it or contribute back their findings back and it's not clear for them that a) they have those options b) their expectations are that Airflow security team will tell them how to clear their security scan reports, c) they do not know they should (and can) contribute back. This change restructures and clarifies the chapter that was describing it in a pretty vague way - turning it into "How to" guide for the users, explaining all the options they have and explaining what are the ways they can contribute back - also making it crystal clear what is the responsibility of the security team for it and that the community expects contributions in such cases from commercial users who want their security reports cleared, not the other way round.
- Loading branch information
1 parent
6cec42e
commit 5c78dcc
Showing
2 changed files
with
110 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters