Commit
1 parent 9e1c998, commit 786881c
Showing 1 changed file with 33 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# Security Policy | ||
|
||
## Existing tooling | ||
|
||
This repository is managed by | ||
[Walter](https://github.com/piotr-yuxuan/walter-ci), a CICD system. It | ||
enforces continuous vulnerability scans by the following tools: | ||
|
||
- https://github.com/rm-hull/nvd-clojure | ||
- https://github.com/clj-holmes/clj-holmes | ||
- https://github.com/aquasecurity/tfsec | ||
- https://github.com/aquasecurity/trivy | ||
|
||
## Supported Versions | ||
|
||
This message being present means that version `{{current-version}}` | ||
has been scrutinised on commit `{{current-commit}}`. See `git` log for | ||
history of supported versions. | ||
|
||
## Known vulnerabilities | ||
|
||
Vulnerabilities discovered by | ||
[nvd-clojure](https://github.com/rm-hull/nvd-clojure) are publicly | ||
disclosed in | ||
[`./doc/known-vulnerabilities.csv`](./doc/known-vulnerabilities.csv). As | ||
this repository is public and open-source, this is intended to inform | ||
your choice whether to use it, or not to use it. Beware that not all | ||
vulnerability can be exploited. | ||
|
||
## Reporting a Vulnerability | ||
|
||
Open an issue, or contact the [code owners](.github/CODEOWNERS.yml) on | ||
social media. |
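Review bot: The "Reporting a Vulnerability" section at the end of the file sends reporters to "Open an issue" or to social media, so a vulnerability becomes public at the moment it is reported and no private channel is offered. Suggest naming a private route first (for example GitHub's private vulnerability reporting, or a dedicated contact address) and keeping public issues for non-sensitive questions. The link target `.github/CODEOWNERS.yml` also deserves a check: GitHub itself only recognises a file named `CODEOWNERS` with no extension, so confirm the `.yml` path exists wherever this file is applied. Minor wording in "Known vulnerabilities": "not all vulnerability can be exploited" should read "not all vulnerabilities can be exploited".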