Skip to content

Commit 663cf68

Browse files
rpwagnerrpwagner
authored
Merge pull request jupyter#1 from rcthomas/master
Tweak text and add github alerts sentence
2 parents 67e43da + 6111090 commit 663cf68

File tree

1 file changed

+14
-7
lines changed

1 file changed

+14
-7
lines changed

security.md

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,15 @@
11
---
22
layout: page_md
33
title: Security
4-
tagline: Project Jupyter is committed to reducing the risk of using, deploying, operating, or developing Jupyter software.
4+
tagline: Project Jupyter is committed to reducing risk in using, deploying, operating, or developing Jupyter software.
55
permalink: /security
66
---
77

8-
## Report vulnerabilities
8+
The Jupyter Security Subproject exists to provide help and advice to Jupyter
9+
users, operators, and developers on security topics and to help coordinate handling
10+
of security issues.
11+
12+
## Reporting vulnerabilities
913

1014
If you believe you've found a security vulnerability in a Jupyter project,
1115
please report it to [security@ipython.org](mailto:security@ipython.org).
@@ -16,6 +20,9 @@ you can use [this PGP public key](assets/ipython_security.asc).
1620

1721
Known vulnerabilities are tracked using the [CVE vendor ID 15653 for Jupyter](https://www.cvedetails.com/vulnerability-list/vendor_id-15653/Jupyter.html).
1822

23+
[GitHub](https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies) provides alerts about vulnerable dependencies.
24+
If your supply chain includes Jupyter projects, these alerts can help you respond to vulnerabilities quickly and easily.
25+
1926
## Security documentation
2027

2128
Several Jupyter projects maintain security-related documentation regarding usage or deployment of
@@ -24,9 +31,9 @@ Jupyter software.
2431
- [jupyter-server](https://jupyter-server.readthedocs.io/en/latest/operators/security.html)
2532
- [jupyterhub](https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html)
2633

27-
## Jupyter Security Subproject
34+
## Community resources
35+
36+
We are working to identify and coordinate security efforts across the Jupyter community and within all the various subprojects.
37+
The [Jupyter Security](https://github.com/jupyter/security) GitHub repo has information how to participate and contribute.
38+
For discussion, please use the special Discourse [security topic](https://discourse.jupyter.org/c/special-topics/security/48) on the Jupyter Discourse server.
2839

29-
The Jupyter Security Subproject is working to identify and coordinate
30-
the security efforts throughout the Jupyter community. The
31-
[Jupyter Security](https://github.com/jupyter/security) GitHub repo
32-
has information how to participate and contribute.

0 commit comments

Comments
 (0)