Etusivu Tutki Apua
Kirjaudu sisään
docker
/
cli
2
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Selaa lähdekoodia

add security policy

Based on the security policy in the Moby repository (with the name
of the project changed, and a link to to the Moby documentation for
maintained branches).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn 8 kuukautta sitten
vanhempi
78de7da660
commit
e29292f921
1 muutettua tiedostoa jossa 44 lisäystä ja 0 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 44 0
      SECURITY.md

+ 44 - 0
SECURITY.md
Näytä tiedosto 

@@ -0,0 +1,44 @@
 
+# Security Policy
 
+
 
+The maintainers of the Docker CLI take security seriously. If you discover
 
+a security issue, please bring it to their attention right away!
 
+
 
+## Reporting a Vulnerability
 
+
 
+Please **DO NOT** file a public issue, instead send your report privately
 
+to [security@docker.com](mailto:security@docker.com).
 
+
 
+Reporter(s) can expect a response within 72 hours, acknowledging the issue was
 
+received.
 
+
 
+## Review Process
 
+
 
+After receiving the report, an initial triage and technical analysis is
 
+performed to confirm the report and determine its scope. We may request
 
+additional information in this stage of the process.
 
+
 
+Once a reviewer has confirmed the relevance of the report, a draft security
 
+advisory will be created on GitHub. The draft advisory will be used to discuss
 
+the issue with maintainers, the reporter(s), and where applicable, other
 
+affected parties under embargo.
 
+
 
+If the vulnerability is accepted, a timeline for developing a patch, public
 
+disclosure, and patch release will be determined. If there is an embargo period
 
+on public disclosure before the patch release, the reporter(s) are expected to
 
+participate in the discussion of the timeline and abide by agreed upon dates
 
+for public disclosure.
 
+
 
+## Accreditation
 
+
 
+Security reports are greatly appreciated and we will publicly thank you,
 
+although we will keep your name confidential if you request it. We also like to
 
+send gifts - if you're into swag, make sure to let us know. We do not currently
 
+offer a paid security bounty program at this time.
 
+
 
+## Supported Versions
 
+
 
+This project uses long-lived branches to maintain releases, and follows
 
+the maintenance cycle of the Moby project.
 
+Refer to [BRANCHES-AND-TAGS.md](https://github.com/moby/moby/blob/master/project/BRANCHES-AND-TAGS.md)
 
+in the default branch of the moby repository to learn about the current
 
+maintenance status of each branch.