chore: security markdown #662

Merged
merged 8 commits into from
Mar 20, 2024
29 changes: 29 additions & 0 deletions SECURITY.md
@@ -0,0 +1,29 @@
# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in Pepr, please report it to us by sending an email to [pepr@defenseunicorns.com](mailto:pepr@defenseunicorns.com?subject=Vulnerability) or directly through the [GitHub UI](https://github.com/defenseunicorns/pepr/security/advisories/new).

Please include the following details in your report:

- A clear description of the vulnerability
- Steps to reproduce the vulnerability
- Any additional information that may be helpful in understanding and fixing the issue

We appreciate your help in making Pepr more secure and will acknowledge your contribution in the remediation PR.

## Security Best Practices

To enhance the security of your Pepr Controller, we recommend following these best practices:

- Regularly update Pepr to the latest stable release.
- Secure Pepr through RBAC building in [scoped mode](https://docs.pepr.dev/main/user-guide/rbac/#scoped) taking into account access to the Kubernetes API server needed in the callbacks.
- Practice the principle of least privilege when assigning roles and permissions and avoid giving the service account more permissions than necessary.
- Use NetworkPolicy to restrict traffic from Pepr Controllers to the minimum required.
- Limit calls from Pepr to the Kubernetes API server to the minimum required.

By following these best practices, you can help protect your Pepr Controller from potential security threats.

## Contact

If you have any questions or concerns regarding the security of Pepr, please contact us at pepr@defenseunicorns.com.
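Review bot: The second "Security Best Practices" bullet is hard to parse and the reporting section gives no response-time expectation, even though this PR removes the 24-hour commitment from docs/120_contribute/040_report-security-issue.md. Suggest rewording the bullet to "Secure Pepr through RBAC by building in [scoped mode](...), taking into account the Kubernetes API server access the callbacks need." and adding one sentence under "Reporting a Vulnerability" stating when a reporter can expect an acknowledgement. Since the first bullet tells users to stay on the latest stable release, a short "Supported Versions" section saying which releases receive security fixes would also belong in this file.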
2 changes: 1 addition & 1 deletion docs/120_contribute/040_report-security-issue.md
@@ -1,3 +1,3 @@
# Reporting Security Issues

Security issues should be reported privately, via email, to the Pepr Security Team at [email](mailto:pepr@defenseunicorns.com). You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Security issues should be reported privately, via [GitHub UI](https://github.com/defenseunicorns/pepr/security/advisories/new), or via email to [pepr@defenseunicorns.com](mailto:pepr@defenseunicorns.com?subject=Vulnerability). We prefer that you do not post vulnerabilities in the public issue tracker to which could lead to disclosure of the vulnerability before a fix is available. For more info, read [Security Policy](https://github.com/defenseunicorns/pepr/security/policy).
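Review bot: The added line has a grammatical error and silently drops the "You should receive a response within 24 hours" expectation from the line it replaces. "in the public issue tracker to which could lead to disclosure" should read "in the public issue tracker, since that could lead to disclosure"; and either keep the response-time sentence (with the follow-up instruction) or state in SECURITY.md where the new expectation is documented so reporters are not left without one.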