GitLab Advisory Database Terms

Last Updated: May 2, 2022

Welcome to the GitLab, Inc. (“GitLab”) Advisory Database, which is made available via the website located at https://gitlab.com/gitlab-org/security-products/gemnasium-db (the “GitLab Advisory Database”). Please read these terms and conditions (the “Advisory Database Terms”) carefully because they govern your access to and use of the GitLab Advisory Database, the advisory database, and all related information, data, and content made accessible via the GitLab Advisory Database (collectively, the “Advisory Database”).

1. Agreement to Advisory Database Terms

By clicking “agree” or accessing or using the Advisory Database, you agree to be bound by these Advisory Database Terms. If you don’t agree to be bound by these Advisory Database Terms, do not attempt to access or use the Advisory Database. If you are accessing or using the Advisory Database on behalf of a company (such as your employer) or other legal entity, you represent and warrant that you have the authority to bind that company or other legal entity to these Advisory Database Terms. In that case, “you” and “your” will refer to that company or other legal entity.

2. Changes to Advisory Database Terms or Advisory Database

We may update the Advisory Database Terms at any time, in our sole discretion. If we do so, we’ll let you know either by posting the updated Advisory Database Terms on the GitLab Advisory Database or through other communications. It’s important that you review the Advisory Database Terms whenever we update them or you use the Advisory Database. If you continue to use the Advisory Database after we have posted updated Advisory Database Terms, you are agreeing to be bound by the updated Advisory Database Terms. If you don’t agree to be bound by the updated Advisory Database Terms, then you may not use the Advisory Database anymore. Because our Advisory Database is evolving over time we may change or discontinue all or any part of the Advisory Database, at any time and without notice, at our sole discretion.

3. Contributions

We allow contributions to the Advisory Database by submitting a merge request (“Contribution”) to https://gitlab.com/gitlab-org/security-products/gemnasium-db. You grant to us a non-exclusive, transferable, worldwide, perpetual, irrevocable, fully-paid, royalty-free license, with the right to sublicense, under any and all intellectual property rights that you own or control to use, copy, modify, create derivative works based upon and otherwise exploit the Contribution for any purpose.

4. Content Ownership, Responsibility and Removal

  • (a) Definitions. For purposes of these Advisory Database Terms: (i) “Content” means data, text, graphics, images, software, audio, video, works of authorship of any kind, and information or other materials that are posted, generated, provided or otherwise made available through the Advisory Database; and (ii) “User Content” means any Content, including security alerts or related information, that Account holders or other users (including you) provide to be made available through the Advisory Database.
  • (b) Our Content Ownership. GitLab does not claim any ownership rights in any User Content and nothing in these Advisory Database Terms will be deemed to restrict any rights that you may have to use and exploit your User Content. Subject to the foregoing, GitLab and its licensors exclusively own all right, title and interest in and to the Advisory Database and Content, including all associated intellectual property rights. You acknowledge that the Advisory Database and Content are protected by copyright, trademark, and other laws of the United States and foreign countries. You agree not to remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Advisory Database or Content.
  • (c) Rights in User Content Granted by You. By making any User Content available through the Advisory Database you hereby grant to GitLab a perpetual, non-exclusive, transferable, worldwide, royalty-free license, with the right to sublicense, to integrate your User Content into the Advisory Database and to use, copy, modify, create derivative works based upon, distribute, publicly display, and publicly perform your User Content in connection with operating and providing the Advisory Database.
  • (d) Your Responsibility for User Content. You are solely responsible for all your User Content. You represent and warrant that you own all your User Content or you have all rights that are necessary to grant us the license rights in your User Content under these Advisory Database Terms. You also represent and warrant that neither your User Content, nor your use and provision of your User Content to be made available through the Advisory Database, nor any use of your User Content by GitLab on or through the Advisory Database will infringe, misappropriate or violate a third party’s intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.
  • (e) Removal of User Content. Once posted, some or all of your User Content (such as posts or comments you make) may not be removed from the Advisory Database, and copies of your User Content may continue to exist on or in the Advisory Database. We are not responsible or liable for the removal or deletion of (or the failure to remove or delete) any of your User Content.
  • (f) Rights in Content Granted by GitLab; No Downloads or Copying. Subject to your compliance with these Advisory Database Terms, GitLab grants you a limited, non-exclusive, non-transferable license, with no right to sublicense, to access, view and use the Content solely in connection with your Permitted Use of the Advisory Database. "Permitted Use" shall mean any use of the Advisory Database that is not expressly prohibited under Section 5, below. GitLab grants you no right to and you expressly agree not to download, copy, or otherwise store in electronic or other form any of the Content.

5. General Prohibitions and GitLab’s Enforcement Rights

You agree not to do any of the following:

  • (a) Post, upload, publish, submit or transmit any Content that: (i) infringes, misappropriates or violates a third party’s patent, copyright, trademark, trade secret, moral rights or other intellectual property rights, or rights of publicity or privacy; (ii) violates, or encourages any conduct that would violate, any applicable law or regulation or would give rise to civil liability; (iii) is fraudulent, false, misleading or deceptive; (iv) is defamatory, obscene, pornographic, vulgar or offensive; (v) promotes discrimination, bigotry, racism, hatred, harassment or harm against any individual or group; (vi) is violent or threatening or promotes violence or actions that are threatening to any person or entity; or (vii) promotes illegal or harmful activities or substances;
  • (b) Use, display, mirror or frame the Advisory Database or any individual element within the Advisory Database, GitLab’s name, any GitLab trademark, logo or other proprietary information, or the layout and design of any page or form contained on a page, without GitLab’s express written consent;
  • (c) Access, tamper with, or use non-public areas of the Advisory Database, GitLab’s computer systems, or the technical delivery systems of GitLab’s providers;
  • (d) Attempt to probe, scan or test the vulnerability of any GitLab system or network or breach any security or authentication measures;
  • (e) Avoid, bypass, remove, deactivate, impair, descramble or otherwise circumvent any technological measure implemented by GitLab or any of GitLab’s providers or any other third party (including another user) to protect the Advisory Database or Content;
  • (f) Attempt to access or search the Advisory Database or Content or download Content from the Advisory Database through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers, data mining tools or the like) other than the software and/or search agents provided by GitLab or other generally available third-party web browsers;
  • (g) Send any unsolicited or unauthorized advertising, promotional materials, email, junk mail, spam, chain letters or other form of solicitation;
  • (h) Use any meta tags or other hidden text or metadata utilizing a GitLab trademark, logo URL or product name without GitLab’s express written consent;
  • (i) Use the Advisory Database or Content, or any portion thereof, in any manner not permitted by these Advisory Database Terms;
  • (j) Forge any TCP/IP packet header or any part of the header information in any email or newsgroup posting, or in any way use the Advisory Database or Content to send altered, deceptive or false source-identifying information;
  • (k) Attempt to decipher, decompile, disassemble or reverse engineer any of the software used to provide the Advisory Database or Content;
  • (l) Interfere with, or attempt to interfere with, the access of any user, host or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the Advisory Database;
  • (m) Collect or store any personally identifiable information from the Advisory Database from other users of the Advisory Database without their express permission;
  • (n) Impersonate or misrepresent your affiliation with any person or entity;
  • (o) Violate any applicable law or regulation; or
  • (p) Encourage or enable any other individual to do any of the foregoing.

Although GitLab is not obligated to monitor access to or use of the Advisory Database or Content or to review or edit any Content, we have the right to do so for the purpose of operating the Advisory Database, to ensure compliance with these Advisory Database Terms and to comply with applicable law or other legal requirements. We reserve the right, but are not obligated, to remove or disable access to any Content, at any time and without notice, including, but not limited to, if we, at our sole discretion, consider any Content to be objectionable or in violation of these Advisory Database Terms. We have the right to investigate violations of these Advisory Database Terms or conduct that affects the Advisory Database. We may also consult and cooperate with law enforcement authorities to prosecute users who violate the law.

6. DMCA/Copyright Policy

GitLab respects copyright law and expects its users to do the same. It is GitLab’s policy to terminate in appropriate circumstances Account holders who repeatedly infringe or are believed to be repeatedly infringing the rights of copyright holders. Please see GitLab’s DMCA Policy at https://about.gitlab.com/handbook/dmca/ for further information.

7. Links to Third Party Websites or Resources

The Advisory Database may contain links to third-party websites or resources. We provide these links only as a convenience and are not responsible for the content, products or Advisory Database on or available from those websites or resources or links displayed on such websites. You acknowledge sole responsibility for and assume all risk arising from your use of any third-party websites or resources.

8. Termination

We may terminate your access to and use of the Advisory Database, at our sole discretion, at any time and without notice to you. Upon any termination, discontinuation or cancellation of the Advisory Database or your Account, the following Sections will survive: 4, 5, 9, 10, 11, and 12.

9. Warranty Disclaimers

THE ADVISORY DATABASE AND CONTENT ARE PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, WE EXPLICITLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF THE COURSE OF DEALING OR USAGE OF TRADE. We make no warranty that the Advisory Database will meet your requirements or be available on an uninterrupted, secure, or error-free basis. We make no warranty regarding the quality, accuracy, timeliness, truthfulness, completeness or reliability of any Content. You acknowledge and agree that the Advisory Database is based in part on information and alerts made available by third parties, and that GitLab is not responsible for and will have no liability related to the accuracy or completeness of any security alerts, data, or other Content made available through the Advisory Database. THE ADVISORY DATABASE IS NOT A COMPLETE SOURCE OF ALL POTENTIAL SECURITY THREATS AND/OR VULNERABILITIES AND SHOULD NOT BE RELIED UPON OR USED AS A SUBSTITUTE FOR THE ADVICE AND RECOMMENDATIONS OF YOUR OWN SECURITY PROFESSIONALS FOR IMPLEMENTING A COMPREHENSIVE SECURITY PLAN.

10. Limitation of Liability

  • (a) NEITHER GITLAB NOR ANY OTHER PARTY INVOLVED IN CREATING, PRODUCING, OR DELIVERING THE ADVISORY DATABASE OR CONTENT WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOST REVENUES, LOST SAVINGS, LOST BUSINESS OPPORTUNITY, LOSS OF DATA OR GOODWILL, SERVICE INTERRUPTION, COMPUTER DAMAGE OR SYSTEM FAILURE OR THE COST OF SUBSTITUTE ADVISORY DATABASE OF ANY KIND ARISING OUT OF OR IN CONNECTION WITH THESE ADVISORY DATABASE TERMS OR FROM THE USE OF OR INABILITY TO USE THE ADVISORY DATABASE OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT GITLAB OR ANY OTHER PARTY HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, EVEN IF A LIMITED REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
  • (b) IN NO EVENT WILL GITLAB’S TOTAL LIABILITY ARISING OUT OF OR IN CONNECTION WITH THESE ADVISORY DATABASE TERMS OR FROM THE USE OF OR INABILITY TO USE THE ADVISORY DATABASE OR CONTENT EXCEED THE AMOUNTS YOU HAVE PAID TO GITLAB FOR USE OF THE ADVISORY DATABASE OR CONTENT OR ONE HUNDRED DOLLARS ($100), IF YOU HAVE NOT HAD ANY PAYMENT OBLIGATIONS TO GITLAB, AS APPLICABLE.
  • (c) THE EXCLUSIONS AND LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN GITLAB AND YOU.

11. Governing Law and Forum Choice

These Advisory Database Terms will be governed by the laws of the State of California, U.S.A. without regard to its conflict of laws provisions. The federal and state courts sitting in San Francisco County, California, U.S.A. will have proper and exclusive jurisdiction and venue with respect to any disputes arising from or related to the subject matter of this Agreement.

12. General Advisory Database Terms

  • (a) Entire Agreement; Other Terms. These Advisory Database Terms constitute the entire and exclusive understanding and agreement between GitLab and you regarding the Advisory Database and Content, and these Advisory Database Terms supersede and replace any and all prior oral or written understandings or agreements between GitLab and you regarding the Advisory Database and Content. Without limiting the foregoing, these Advisory Database Terms supplement and are in addition to any other Terms posted at https://about.gitlab.com/terms/, or on any other GitLab website, and any other agreement between you and GitLab or any of its affiliates (collectively, the “Other Terms”). In the event of any conflict between these Advisory Database Terms and any of the Other Terms with respect to your access to or use of the Advisory Database, these Advisory Database Terms will control and govern. If any provision of these Advisory Database Terms is held invalid or unenforceable by a court of competent jurisdiction, that provision will be enforced to the maximum extent permissible and the other provisions of these Advisory Database Terms will remain in full force and effect. You may not assign or transfer these Advisory Database Terms, by operation of law or otherwise, without GitLab’s prior written consent. Any attempt by you to assign or transfer these Advisory Database Terms, without such consent, will be null. GitLab may freely assign or transfer these Advisory Database Terms without restriction. Subject to the foregoing, these Advisory Database Terms will bind and inure to the benefit of the parties, their successors and permitted assigns.
  • (b) Notices. Any notices or other communications provided by GitLab under these Advisory Database Terms, including those regarding modifications to these Advisory Database Terms, will be given: (i) via email; or (ii) by posting to the Advisory Database. For notices made by e-mail, the date of receipt will be deemed the date on which such notice is transmitted.
  • (c) Waiver of Rights. GitLab’s failure to enforce any right or provision of these Advisory Database Terms will not be considered a waiver of such right or provision. The waiver of any such right or provision will be effective only if in writing and signed by a duly authorized representative of GitLab. Except as expressly set forth in these Advisory Database Terms, the exercise by either party of any of its remedies under these Advisory Database Terms will be without prejudice to its other remedies under these Advisory Database Terms or otherwise.