Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SECURITY.md #20

Open
jessesuen opened this issue Mar 22, 2022 · 2 comments
Open

Add SECURITY.md #20

jessesuen opened this issue Mar 22, 2022 · 2 comments
Assignees

Comments

@jessesuen
Copy link
Member

The Argo maintainers recently agreed to require all Argoproj Labs project repositories to contain a SECURITY.md file which documents:

  • Contact information for reporting security vulnerabilities
  • Some minimal information about policies, practices, with possibly links to further documentation with more details

This will help direct vulnerability reporting to the right parties which can fix the issue.

You are free to use the following as examples/templates:

Also, please note that in the future we are exploring a requirement that argoproj-labs projects perform a CII self-assessment to better inform its users about which security best practices are being followed.

@jannfis
Copy link

jannfis commented Jun 3, 2022

Just bumping this one up. Could maintainers please take care to add a security policy to this repo?

Thanks!

@hirokuni-kitahara
Copy link
Collaborator

Hi @jessesuen @jannfis, we added SECURITY.md with the PR #23. Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants