Updated vulnerability alerting and reporting
1 parent c9accfe, commit 8909b54. Showing 2 changed files with 5 additions and 13 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,24 +4,18 @@ Using reelyActive open source software securely | |
If you're reading this, it is likely because you take open source software security seriously. _Thank you!_ | ||
|
||
|
||
Observe best practices | ||
---------------------- | ||
|
||
We are currently compiling an open source software security best practices document. Link to come. | ||
|
||
|
||
Keep up to date | ||
--------------- | ||
|
||
Unless otherwise specified, it is recommended to regularly update to the most recent version of this software package, and to review the security test results, ideally automating this process and including an alerting feature. | ||
|
||
Observe the [vulnerabilities badge](README.md#security) on the project README page and follow the link to consult independent test results by [snyk.io](https://snyk.io) of the latest commit. | ||
Unless otherwise specified, it is recommended to regularly update to the most recent version of this software package, and to review the security test results, including any [Dependabot alerts](https://docs.github.com/code-security/dependabot/dependabot-alerts) listed under the Security tab of this GitHub repository, ideally automating this process and including an alerting feature. | ||
|
||
|
||
Disclose a vulnerability | ||
------------------------ | ||
|
||
Should you discover a novel security issue or vulnerability, kindly __report your findings to [email protected]__, and provide sufficient detail to effectively address, if not resolve, the issue. Kindly also provide a means of contact should additional detail be required, _and also so we can return our thanks!_ | ||
Should you discover a novel security issue or vulnerability, kindly __report your findings privately__, either to __[email protected]__, or with the __Report a vulnerability__ feature under the Security tab of this GitHub repository. | ||
|
||
Kindly provide sufficient detail to effectively address, if not resolve, the issue, as well as a means of contact should additional detail be required, _and so that we may return our thanks!_ | ||
|
||
|
||
These security guidelines were drafted by [the reelyActive team](https://reelyactive.com/team/) and we invite you to adapt them for your own projects under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/). | ||
These security guidelines were drafted by [the reelyActive team](https://www.reelyactive.com/team/) and we invite you to adapt them for your own projects under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/). |
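Review bot: the new guidance at +48 sends readers to "Dependabot alerts listed under the Security tab of this GitHub repository", but Dependabot alerts are visible only to people who have been granted access to the repository's security alerts (owners, admins and collaborators explicitly added), not to anonymous users who merely install the package, so for most readers this replaces the publicly viewable snyk.io test results dropped at -47 with a page they cannot open. Suggest either keeping a public-facing link to current test results next to the Dependabot mention, or telling users how to check their own installed copy, e.g. by running their package manager's audit command against their lockfile and enabling Dependabot on their own fork or dependent repository. Two smaller points on the same hunk: the "Report a vulnerability" feature at +58 only appears in the Security tab once private vulnerability reporting has been enabled in the repository settings, so confirm that it is enabled before this text is published, and since -47 removed the link to the README's security badge section (README.md#security), check that the second changed file in this commit keeps the README consistent so that no stale snyk badge is left pointing at results this page no longer mentions.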