mirror of
https://github.com/kubernetes/node-problem-detector.git
synced 2026-06-07 08:46:41 +00:00
877b6d6908
- Update github.com/sirupsen/logrus v1.9.0 -> v1.9.3 in test/go.mod to fix GHSA-4f99-4q7p-p3gh (High) - Update github.com/prometheus/prometheus v0.35.0 -> v0.311.3 to fix GHSA-vffh-x6r8-xx99 (Medium) - Run go mod tidy and go mod vendor to update vendor directory
38 lines
1.4 KiB
Markdown
38 lines
1.4 KiB
Markdown
# Security Policy
|
|
|
|
This policy outlines the commitment and practices of the go-openapi maintainers regarding security.
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| O.x | :white_check_mark: |
|
|
|
|
## Vulnerability checks in place
|
|
|
|
This repository uses automated vulnerability scans, at every merged commit and at least once a week.
|
|
|
|
We use:
|
|
|
|
* [`GitHub CodeQL`][codeql-url]
|
|
* [`trivy`][trivy-url]
|
|
* [`govulncheck`][govulncheck-url]
|
|
|
|
Reports are centralized in github security reports and visible only to the maintainers.
|
|
|
|
## Reporting a vulnerability
|
|
|
|
If you become aware of a security vulnerability that affects the current repository,
|
|
**please report it privately to the maintainers**
|
|
rather than opening a publicly visible GitHub issue.
|
|
|
|
Please follow the instructions provided by github to [Privately report a security vulnerability][github-guidance-url].
|
|
|
|
> [!NOTE]
|
|
> On Github, navigate to the project's "Security" tab then click on "Report a vulnerability".
|
|
|
|
[codeql-url]: https://github.com/github/codeql
|
|
[trivy-url]: https://trivy.dev/docs/latest/getting-started
|
|
[govulncheck-url]: https://go.dev/blog/govulncheck
|
|
[github-guidance-url]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability
|