Skip to content

Commit e29292f

Browse files
thaJeztahthaJeztah
committed
add security policy
Based on the security policy in the Moby repository (with the name of the project changed, and a link to to the Moby documentation for maintained branches). Signed-off-by: Sebastiaan van Stijn <[email protected]>
1 parent 78de7da commit e29292f

File tree

1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

SECURITY.md

+44
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
# Security Policy
2+
3+
The maintainers of the Docker CLI take security seriously. If you discover
4+
a security issue, please bring it to their attention right away!
5+
6+
## Reporting a Vulnerability
7+
8+
Please **DO NOT** file a public issue, instead send your report privately
9+
to [[email protected]](mailto:[email protected]).
10+
11+
Reporter(s) can expect a response within 72 hours, acknowledging the issue was
12+
received.
13+
14+
## Review Process
15+
16+
After receiving the report, an initial triage and technical analysis is
17+
performed to confirm the report and determine its scope. We may request
18+
additional information in this stage of the process.
19+
20+
Once a reviewer has confirmed the relevance of the report, a draft security
21+
advisory will be created on GitHub. The draft advisory will be used to discuss
22+
the issue with maintainers, the reporter(s), and where applicable, other
23+
affected parties under embargo.
24+
25+
If the vulnerability is accepted, a timeline for developing a patch, public
26+
disclosure, and patch release will be determined. If there is an embargo period
27+
on public disclosure before the patch release, the reporter(s) are expected to
28+
participate in the discussion of the timeline and abide by agreed upon dates
29+
for public disclosure.
30+
31+
## Accreditation
32+
33+
Security reports are greatly appreciated and we will publicly thank you,
34+
although we will keep your name confidential if you request it. We also like to
35+
send gifts - if you're into swag, make sure to let us know. We do not currently
36+
offer a paid security bounty program at this time.
37+
38+
## Supported Versions
39+
40+
This project uses long-lived branches to maintain releases, and follows
41+
the maintenance cycle of the Moby project.
42+
Refer to [BRANCHES-AND-TAGS.md](https://github.com/moby/moby/blob/master/project/BRANCHES-AND-TAGS.md)
43+
in the default branch of the moby repository to learn about the current
44+
maintenance status of each branch.

0 commit comments

Comments
 (0)