SECURITY.md: 4 additions & 4 deletions
@@ -1,6 +1,6 @@
1
1
# SAS® Viya® Monitoring for Kubernetes Security Policy
2
2
3
-
Project maintainers and community contributors take security issues seriously. We appreciate efforts to disclose potential issues responsibly and will acknowledge viable contributions. To aid in the investigation of reported vulnerabilities, please follow the [reporting guidelines](#reporting-guidelines) outlined below.
3
+
The project maintainers and community contributors take security issues seriously. We appreciate efforts to disclose potential issues responsibly and will acknowledge viable contributions. To aid in the investigation of reported vulnerabilities, please follow the [reporting guidelines](#reporting-guidelines) outlined below.
4
4
5
5
## Scope of Security Reports
6
6
@@ -11,7 +11,7 @@ The following components are directly maintained by this project and should be r
11
11
* Project-specific configuration files and templates
12
12
* Custom Kubernetes manifests and Helm charts
13
13
* Project documentation and guidance
14
-
* Any other artifacts created and maintained specifically by the SAS Viya Monitoring project
14
+
* Any other artifacts created and maintained specifically by the SAS Viya Monitoring for Kubernetes project
15
15
16
16
### Out of Scope
17
17
This project deploys and configures various third-party open-source monitoring tools. For a complete inventory of third-party components used by this project, please refer to [ARTIFACT_INVENTORY.md](ARTIFACT_INVENTORY.md).
@@ -22,7 +22,7 @@ Vulnerabilities in these underlying components should be reported to their respe
22
22
* Prometheus - Report via [Prometheus Security](https://github.com/prometheus/prometheus/security)
23
23
* OpenSearch - Report via [OpenSearch Security](https://github.com/opensearch-project/OpenSearch/security)
24
24
25
-
Vulnerabilities identified through container image scanning (e.g., DAST, SAST, or vulnerability scanners) should be reported directly to the project that maintains the container image. For example, if a scan of the OpenSearch container image reveals vulnerabilities, these should be reported to the OpenSearch project, not to SAS Viya Monitoring.
25
+
Vulnerabilities identified through container image scanning should be reported directly to the project that maintains the container image. For example, if a scan of the OpenSearch container image reveals vulnerabilities, these should be reported to the OpenSearch project, not to SAS Viya Monitoring for Kubernetes.
26
26
27
27
If you're unsure whether a vulnerability belongs to our project's code or an underlying component, please submit the report through our process and we will help direct it to the appropriate team.
28
28
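Review bot: The rewritten sentence at line 25 routes every container image scan finding to the project that maintains the image, but a scanner can also flag a problem that comes from this project's own manifests or Helm charts, which the in-scope list names as maintained here. Consider adding a clause such as "unless the finding results from this project's configuration of that image" so those reports are not turned away; the fallback sentence at line 27 only helps reporters who already suspect the overlap.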
@@ -36,7 +36,7 @@ To report a suspected security issue that is in scope for this project, use GitH
36
36
Please provide the following information with your security report:
37
37
38
38
* Your name and affiliation (if applicable)
39
-
* Version/build-date of the SAS Viya Monitoring project
39
+
* Version/build-date of the SAS Viya Monitoring for Kubernetes project
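Review bot: "Version/build-date" on the changed line 39 does not tell a reporter which identifier to give or where to find it, and the rename leaves that unaddressed. Consider stating the expected form (for example, the release tag or commit the deployment was made from) so maintainers can match a report to the exact code.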