Create SECURITY.md for security reports #243

Merged
merged 5 commits into from
Aug 24, 2023

Conversation

deepeshaburse
Contributor

@deepeshaburse deepeshaburse commented Aug 6, 2023

This PR will redirect the reader to the ORAS security policy in the documentation.

Link to PR for security policy: #244

It fixes #198

Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
@deepeshaburse
Contributor Author

cc: @TerryHowe

The mail ID and number of days required for action haven't been added. Please let me know what should be written there.

@TerryHowe
Member

Maybe we want to put this text in the document and create a SECURITY.md in each repo that links to the web page?

@deepeshaburse
Contributor Author

deepeshaburse commented Aug 7, 2023

Maybe we want to put this text in the document and create a SECURITY.md in each repo that links to the web page?

Sure

@deepeshaburse
Contributor Author

deepeshaburse commented Aug 7, 2023

I think this would be helpful: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability

Once this PR gets approved and merged, I'll make similar PRs across all the other repos.

Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
@deepeshaburse
Contributor Author

The link to the webpage will not work unless PR #244 does not get merged.

TerryHowe
TerryHowe previously approved these changes Aug 9, 2023
Member

@TerryHowe TerryHowe left a comment

/lgtm

Need to hold this until the other PR merges as you say.

asmitbm
asmitbm previously approved these changes Aug 9, 2023
Member

@asmitbm asmitbm left a comment

LGTM

Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
@deepeshaburse deepeshaburse dismissed stale reviews from asmitbm and TerryHowe via 9629dc4 August 11, 2023 18:27
@deepeshaburse
Contributor Author

@TerryHowe and @asmitbm updated content with semantic line breaks.

Member

@TerryHowe TerryHowe left a comment

/lgtm

Great, thanks! (Still holding for other PR though)

sajayantony
sajayantony previously approved these changes Aug 16, 2023
@TerryHowe
Member

Partial oras-project/community#11

Co-authored-by: Terry Howe <terrylhowe@gmail.com>
Signed-off-by: Deepesha Burse <87636253+deepeshaburse@users.noreply.github.com>
Member

@TerryHowe TerryHowe left a comment

/lgtm

@TerryHowe TerryHowe merged commit c1b0af5 into oras-project:main Aug 24, 2023
6 checks passed
Successfully merging this pull request may close these issues.

Add contributor guidance for security concerns
4 participants