Merged
8 changes: 8 additions & 0 deletions SECURITY.md
@@ -0,0 +1,8 @@
# Reporting Security Issues

To report a security issue, please use http://g.co/vulnz. We use
http://g.co/vulnz for our intake, and do coordination and disclosure here on
GitHub (including using [GitHub Security Advisory]). The Google Security Team will
respond within 5 working days of your report on g.co/vulnz.
Comment on lines +3 to +6

low

While the short link is convenient, it's helpful to also include the full URL for clarity and in case the short link ever breaks. Consider adding both the short link and the full URL.

Suggested change
To report a security issue, please use http://g.co/vulnz. We use
http://g.co/vulnz for our intake, and do coordination and disclosure here on
GitHub (including using [GitHub Security Advisory]). The Google Security Team will
respond within 5 working days of your report on g.co/vulnz.
To report a security issue, please use [http://g.co/vulnz](https://google.com/vulnerability-reward-program). We use
[http://g.co/vulnz](https://google.com/vulnerability-reward-program) for our intake, and do coordination and disclosure here on
GitHub (including using [GitHub Security Advisory]). The Google Security Team will
respond within 5 working days of your report on [g.co/vulnz](https://google.com/vulnerability-reward-program).


[GitHub Security Advisory]: https://github.com/GoogleContainerTools/skaffold/security/advisories
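
Review bot: the intake link on lines +3 and +4 is written with the http:// scheme, and the third mention on line +6 is a bare g.co/vulnz with no scheme. Since this is the address reporters follow to submit vulnerability details, write it as an https:// URL in all three places, so the first request is not made in cleartext and the three mentions are consistent. The text also promises a response within 5 working days but does not say what a reporter should do if that window passes; one sentence on that would close the gap.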
Comment on lines +1 to +8

low

Consider adding information about:

  • Security Disclosure Policy: Briefly explain the project's commitment to responsible disclosure and how it handles reported vulnerabilities.
  • Supported Versions: Specify which versions of the project receive security updates.
  • Security Audits: If any security audits have been conducted, mention them and link to the reports (if available).
  • Contact Information: Provide an alternative contact method (e.g., email address) for security issues, in addition to the Google Vulnerability Reward Program link.
