mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-05-17 06:37:48 +00:00
Bumps the k8s-io group with 1 update: [sigs.k8s.io/cluster-inventory-api](https://github.com/kubernetes-sigs/cluster-inventory-api). Updates `sigs.k8s.io/cluster-inventory-api` from 0.0.0-20251124125836-445319b6307a to 0.1.0 - [Release notes](https://github.com/kubernetes-sigs/cluster-inventory-api/releases) - [Changelog](https://github.com/kubernetes-sigs/cluster-inventory-api/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/cluster-inventory-api/commits/v0.1.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/cluster-inventory-api dependency-version: 0.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s-io ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
38 lines
1.4 KiB
Markdown
# Security Policy

This policy outlines the commitment and practices of the go-openapi maintainers regarding security.

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 0.x     | :white_check_mark: |

## Vulnerability checks in place

This repository uses automated vulnerability scans, at every merged commit and at least once a week.

We use:

* [`GitHub CodeQL`][codeql-url]
* [`trivy`][trivy-url]
* [`govulncheck`][govulncheck-url]

Reports are centralized in GitHub security reports and visible only to the maintainers.

## Reporting a vulnerability

If you become aware of a security vulnerability that affects the current repository,
**please report it privately to the maintainers**
rather than opening a publicly visible GitHub issue.

Please follow the instructions provided by GitHub to [Privately report a security vulnerability][github-guidance-url].

> [!NOTE]
> On GitHub, navigate to the project's "Security" tab, then click on "Report a vulnerability".

[codeql-url]: https://github.com/github/codeql
[trivy-url]: https://trivy.dev/docs/latest/getting-started
[govulncheck-url]: https://go.dev/blog/govulncheck
[github-guidance-url]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability