Adding security.md to sigstore repos #19
Assignees
Comments
|
thanks @annabellegoth2boss , could you show me where it shows "no security policy", is that a github thing? |
|
"No security policy" was just my shorthand for the result that will come up if someone uses a scanning tool or if they go to the Security tab on the repo (like Rekor's, for example). The concept of "security policy" stops at the repo level on GitHub--no way to apply one security policy to an entire org that I know of. |
|
Fair point, I will add a basic version that points back to the mothership version in community. Thanks for this @annabellegoth2boss |
|
actually I should ask, bit rude of me. Is this something you would like to work on @annabellegoth2boss ? |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With the security policy nested under the Community repo, repos like Rekor show up as "no security policy" -- whomp whomp :(
Could probably just have the security.md's in other repos point to this one so it can serve as the canonical policy.
The text was updated successfully, but these errors were encountered: