mirror of
https://github.com/containers/bootc.git
synced 2026-02-05 15:45:53 +01:00
cabadc66fb
This is implementing https://github.com/cncf/project-template/blob/main/GOVERNANCE-maintainer.md Co-authored-by: Colin Walters <walters@verbum.org> Signed-off-by: Joseph Marrero Corchado <jmarrero@redhat.com> Signed-off-by: Colin Walters <walters@verbum.org>
20 lines
921 B
Markdown
20 lines
921 B
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you find a potential security vulnerability in bootc, please report it by following these steps:
|
|
|
|
### 1. **Use the GitHub Security Tab**
|
|
This repository is set up to allow vulnerability reports through GitHub's Security Advisories feature. To report a vulnerability:
|
|
|
|
1. Navigate to the repository's main page.
|
|
2. Select the [**Security**](https://github.com/bootc-dev/bootc/security) tab.
|
|
3. Select **Advisories** from the left-hand sidebar.
|
|
4. Click on **Report a vulnerability**.
|
|
5. Fill in the required details and submit the report.
|
|
|
|
Following this process will create a private advisory for our maintainers to review.
|
|
|
|
### 2. **Do Not Open Public Pull Requests, Issues, or Discussions**
|
|
Please **do not** discuss the issue, create PRs, or start discussions about the vulnerability. This ensures the vulnerability is not widely exploited before a fix is provided.
|