add security team #438
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| <!-- Please use this template while reporting a bug and provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner. Thanks! | ||
| --> | ||
|
|
||
| **What happened**: | ||
|
|
||
| **What you expected to happen**: | ||
|
|
||
| **How to reproduce it (as minimally and precisely as possible)**: | ||
|
|
||
| **Anything else we need to know?**: | ||
|
|
||
| **Environment**: | ||
|
|
||
| - Kurator version: | ||
| - kubectl version: | ||
| - fluxcd version: | ||
| - Others: | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| ## Report a Vulnerability | ||
|
|
||
|
|
||
| We sincerely request you to keep the vulnerability information confidential and responsibly disclose the vulnerabilities. | ||
|
|
||
| To report a vulnerability, please contact the [Security Team](security-groups.md). You can email the Security Team with the security details and the details expected for [kurator bug report](https://github.com/kurator-dev/kurator/security-team/bug-report.md). | ||
|
|
||
| The team will help diagnose the severity of the issue and determine how to address the issue. The reporter(s) can expect a response within 2 business day acknowledging the issue was received. If a response is not received within 2 business day, please reach out to any Security Team member (listed [here](security-groups.md), under the `The Security Team` section) directly to confirm receipt of the issue. We’ll try to keep you informed about our progress throughout the process. | ||
|
|
||
| ### When Should I Report a Vulnerability? | ||
|
|
||
| - You think you discovered a potential security vulnerability in Kurator | ||
| - You are unsure how a vulnerability affects Kurator | ||
|
|
||
| ### When Should I NOT Report a Vulnerability? | ||
|
|
||
| - You need help tuning Kurator components for security | ||
| - You need help applying security related updates | ||
| - Your issue is not security related | ||
|
|
||
| If you think you discovered a vulnerability in another project that Kurator depends on, and that project has their own vulnerability reporting and disclosure process, please report it directly there. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| ## The Security Team | ||
|
|
||
| Owners: | ||
|
|
||
| - [xuzhonghu@huawei.com](mailto:xuzhonghu@huawei.com) | ||
|
|
||
| Members: | ||
|
|
||
| - [xuzhonghu@huawei.com](mailto:xuzhonghu@huawei.com) | ||
| - [xieqianglong@huawei.com](mailto:xieqianglong@huawei.com) | ||
| - [lizhencheng6@huawei.com](mailto:lizhencheng6@huawei.com) | ||
|
There was a problem hiding this comment. please donot use personal email, will apply a email group There was a problem hiding this comment. After applying for an email group, the content will be updated. There was a problem hiding this comment. Security team is a team consists of different people to handle security issues. |
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why have bug-report here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because I think that since we have a security vulnerability submission specification, we should also need a template for the submission content
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bug report is a separate issue, no need to couple with vulnerability. It can be linked in developer guide