add security team #438
add security team #438
Conversation
Signed-off-by: LiZhenCheng9527 <lizhencheng6@huawei.com>
✅ Deploy Preview for kurator-dev canceled.
|
|
/lgtm |
security-team/security-groups.md
Outdated
|
|
||
| - [xuzhonghu@huawei.com](mailto:xuzhonghu@huawei.com) | ||
| - [xieqianglong@huawei.com](mailto:xieqianglong@huawei.com) | ||
| - [lizhencheng6@huawei.com](mailto:lizhencheng6@huawei.com) |
There was a problem hiding this comment.
please donot use personal email, will apply a email group
There was a problem hiding this comment.
After applying for an email group, the content will be updated.
There was a problem hiding this comment.
Security team is a team consists of different people to handle security issues.
I think it's fine to list team members here, but please make sure people report security issues to a email group.
security-team/bug-report.md
Outdated
| @@ -0,0 +1,17 @@ | |||
| <!-- Please use this template while reporting a bug and provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner. Thanks! | |||
There was a problem hiding this comment.
Because I think that since we have a security vulnerability submission specification, we should also need a template for the submission content
There was a problem hiding this comment.
bug report is a separate issue, no need to couple with vulnerability. It can be linked in developer guide
| @@ -0,0 +1,20 @@ | |||
| ## Report a Vulnerability | |||
Signed-off-by: LiZhenCheng9527 <lizhencheng6@huawei.com>
Signed-off-by: LiZhenCheng9527 <lizhencheng6@huawei.com>
| @@ -2,7 +2,7 @@ | |||
|
|
|||
| We sincerely request you to keep the vulnerability information confidential and responsibly disclose the vulnerabilities. | |||
|
|
|||
| To report a vulnerability, please contact the [Security Team](security-groups.md). You can email the Security Team with the security details and the details expected for [kurator bug report](https://github.com/kurator-dev/kurator/security-team/bug-report.md). | |||
| To report a vulnerability, please contact the Security Team: [kurator-security@googlegroups.com](mailto:kurator-security@googlegroups.com). You can email the Security Team with the security details and the details expected for [kurator report](https://github.com/kurator-dev/kurator/community/security/vulnerability-report-template.md). | |||
There was a problem hiding this comment.
dead link, i cannot jump to that.
|
|
||
| Owners: | ||
|
|
||
| - [hzxuzhonghu](https://github.com/hzxuzhonghu) |
|
|
||
| - [hzxuzhonghu](https://github.com/hzxuzhonghu) | ||
|
|
||
| Members: |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hzxuzhonghu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
I guess you need to rebase on the latest code, i can see the fossa is run on old config |
Signed-off-by: LiZhenCheng9527 <lizhencheng6@huawei.com>
|
/lgtm |
What type of PR is this?
/kind documentation
What this PR does / why we need it:
Provides specifications for kurator vulnerability submissions