Commit
## Description

- [x] Creates a preferred method of contact by security researchers in the event of a security vulnerability instead of posting it publicly which could lead to disclosure of vulnerability details.
- [x] Provides description of where and how to report
- [x] When a vulnerability is reported, we can accept it, ask more questions, or reject it. If accepted, we are ready to collaborate on a fix.
- [x] Vulnerability is less likely to be in the public eye
- [x] Updates the docs

## Related Issue

Fixes #639 <!-- or --> Relates to #

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide Steps](https://github.com/defenseunicorns/pepr/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed

---------

Signed-off-by: Case Wylie <cmwylie19@defenseunicorns.com>
Showing 3 changed files with 29 additions and 18 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# Security Policy | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you discover a security vulnerability in Pepr, please report it to us by sending an email to [pepr@defenseunicorns.com](mailto:pepr@defenseunicorns.com?subject=Vulnerability) or directly through the [GitHub UI](https://github.com/defenseunicorns/pepr/security/advisories/new). | ||
|
||
Please include the following details in your report: | ||
|
||
- A clear description of the vulnerability | ||
- Steps to reproduce the vulnerability | ||
- Any additional information that may be helpful in understanding and fixing the issue | ||
|
||
We appreciate your help in making Pepr more secure and will acknowledge your contribution in the remediation PR. | ||
|
||
|
||
## Contact | ||
|
||
If you have any questions or concerns regarding the security of Pepr, please contact us at pepr@defenseunicorns.com. |
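Review bot: the new SECURITY.md sets no expectation for how quickly a report will be acknowledged and gives no disclosure timeline, so a researcher reading only this file does not know when to follow up or when they may publish; add a sentence such as "You should receive an acknowledgement within N business days; if you do not, please follow up by email" under "Reporting a Vulnerability". Two smaller points on the same hunk: the file has no "Supported Versions" section stating which Pepr releases receive security fixes, and the email path offers no PGP key or other way to send reproduction details encrypted, while the GitHub advisory form does keep them private, so consider stating that the GitHub form is the preferred channel for reports that include exploit details.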
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
# Reporting Security Issues | ||
|
||
Security issues should be reported privately, via email, to the Pepr Security Team at [email](mailto:pepr@defenseunicorns.com). You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. | ||
Security issues should be reported privately, via [GitHub UI](https://github.com/defenseunicorns/pepr/security/advisories/new), or via email to [pepr@defenseunicorns.com](mailto:pepr@defenseunicorns.com?subject=Vulnerability). We prefer that you do not post vulnerabilities in the public issue tracker to which could lead to disclosure of the vulnerability before a fix is available. For more info, read [Security Policy](https://github.com/defenseunicorns/pepr/security/policy). |
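Review bot: the replacement line drops the old text's commitment to respond within 24 hours and its instruction to follow up if no reply arrives, without restating a response expectation anywhere; either keep a sentence like "You should receive a response within 24 hours; if you do not, please follow up via email to ensure we received your original message" or make sure the linked Security Policy states one. The same line also has a stray "to" in "public issue tracker to which could lead to disclosure"; suggest "We prefer that you do not post vulnerabilities in the public issue tracker, since that could lead to disclosure of the vulnerability before a fix is available."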