github.com/jenkins-x/jx/v2@v2.1.155/SECURITY.md

# Security Policy

The Jenkins X project takes security seriously. We make every possible effort to ensure users can adequately secure their automation infrastructure. To that end, we work with Jenkins X platform and app developers, as well as security researchers, to fix security vulnerabilities in Jenkins X in a timely manner, and to improve the security of Jenkins X in general.

## Supported Versions

| Version | Supported          |
| ------- | ------------------ |
| 2.0.x   | :white_check_mark: |

## Reporting a Vulnerability

If you find a vulnerability in Jenkins X, please report it in the Jenkins CI issue tracker under the [SECURITY](https://issues.jenkins-ci.org/browse/SECURITY) project. **Please do not report security issues in the GitHub tracker.**
This project is configured in such a way that only the reporter and the security team can see the details. By restricting access to this potentially sensitive information, we can work on a fix and deliver it before the method of attack becomes well known.

If you are unable to report using the above issue tracker, you can also send your report to the private Jenkins Security Team mailing list: jenkinsci-cert@googlegroups.com

## Vulnerabilities in Apps

Whilst the Jenkins X team is not responsible for the quality of third-party apps, please still use the above reporting mechanism and we will co-ordinate with the app developer to ensure a fix in a secure manner.