Create SECURITY.md for security reports #243
Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
cc: @TerryHowe The mail ID and number of days required for action haven't been added. Please let me know what should be written there.
Maybe we want to put this text in the document and create a SECURITY.md in each repo that links to the web page?
Sure
I think this would be helpful: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
Once this PR gets approved and merged, I'll make similar PRs across all the other repos.
Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
The link to the webpage will not work unless PR #244 does not get merged.
/lgtm
Need to hold this until the other PR merges as you say.
LGTM
Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
@TerryHowe and @asmitbm updated content with semantic line breaks.
/lgtm
Great, thanks! (Still holding for other PR though)
Partial oras-project/community#11
Co-authored-by: Terry Howe <terrylhowe@gmail.com> Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
/lgtm
This PR will redirect the reader to ORAS' security policy in the documentation.
Link to PR for security policy: #244
It fixes #198