github.com/argoproj/argo-events@v1.9.1/SECURITY.md

github.com/argoproj/argo-events@v1.9.1/SECURITY.md (about)

     1  # Security policy for Argo Events
     2  
     3  ## Reporting a Vulnerability
     4  
     5  If you find a security related bug in Argo Events, we kindly ask you for responsible
     6  disclosure and for giving us appropriate time to react, analyze and develop a
     7  fix to mitigate the found security vulnerability.
     8  
     9  Please report vulnerabilities by e-mail to the following address:
    10  
    11  * cncf-argo-security@lists.cncf.io
    12  
    13  All vulnerabilities and associated information will be treated with full confidentiality.
    14  
    15  ## Public Disclosure
    16  
    17  Security vulnerabilities will be disclosed via [release notes](docs/releasing.md) and using the
    18  [GitHub Security Advisories](https://github.com/argoproj/argo-events/security/advisories)
    19  feature to keep our community well informed, and will credit you for your findings (unless you prefer to stay anonymous, of course).
    20  
    21  ## Internet Bug Bounty collaboration
    22  
    23  We're happy to announce that the Argo project is collaborating with the great
    24  folks over at
    25  [Hacker One](https://hackerone.com/) and their
    26  [Internet Bug Bounty program](https://hackerone.com/ibb)
    27  to reward the awesome people who find security vulnerabilities in the four
    28  main Argo projects (CD, Events, Rollouts and Workflows) and then work with
    29  us to fix and disclose them in a responsible manner.
    30  
    31  If you report a vulnerability to us as outlined in this security policy, we
    32  will work together with you to find out whether your finding is eligible for
    33  claiming a bounty, and also on how to claim it.
    34  
    35  ## Vulnerability Scanning
    36  
    37  See [static code analysis](docs/static-code-analysis.md).