adds security page to site (#4808)

Signed-off-by: Paul S. Schweigert <paulschw@us.ibm.com>
Paul Schweigert 2022-03-04 21:36:33 -05:00 committed by GitHub
parent 0e66e9058b
commit c6bf38d4cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 0 deletions


@ -239,6 +239,7 @@ nav:
- Client: reference/client/README.md
- Concepts:
- Duck types: reference/concepts/duck-typing.md
- Security: reference/security/README.md
- "Community":
- Welcome to the community: community/README.md
- Contribute to Knative: community/contributing.md
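Review bot: The new `Security: reference/security/README.md` entry sits in the reference part of the nav, directly after `Duck types`, which is not where someone looking for how to report a vulnerability is likely to look. Please confirm it is indented as a sibling of `Concepts` rather than as a child of it, and consider also linking the page from a more visible place, for example the `Community` section that follows.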


@ -0,0 +1,37 @@
# Knative Security and Disclosure Information
This page describes Knative security and disclosure information.
## Knative threat model
* [Threat model](https://github.com/knative/community/blob/main/working-groups/security/threat-model.md)
## Report a vulnerability
We're extremely grateful for security researchers and users that report vulnerabilities to the Knative Open Source Community. All reports are thoroughly investigated by a set of community volunteers.
To make a report, please email the private security@knative.team list with the security detauls and the details expected for all Knative bug reports.
### When Should I Report a Vulnerability?
* You think you discovered a potential security vulnerability in Knative
* You are unsure how a vulnerability affects Knative
* You think you discovered a vulnerability in another project that Knative depends on
* For projects with their own vulnerability reporting and disclosure process, please report it directly there
### When Should I NOT Report a Vulnerability?
* You need help tuning Knative components for security
* You need help applying security related updates
* Your issue is not security related
## Vulnerability response
* [Early disclosure of security vulnerabilities](https://github.com/knative/community/blob/main/working-groups/security/disclosure.md)
* [Vulnerability disclosure response policy](https://github.com/knative/community/blob/main/working-groups/security/responding.md)
## Security working group
* [General information](https://github.com/knative/community/blob/main/working-groups/WORKING-GROUPS.md#security)
* [Security Working Group Charter](https://github.com/knative/community/blob/main/working-groups/security/CHARTER.md)
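Review bot: Typo in the paragraph under "Report a vulnerability": "security detauls" should be "security details". In the same sentence, security@knative.team would be easier to use as a mailto link, and "the details expected for all Knative bug reports" should link to wherever those expectations are documented, since a reporter cannot find them from this page. Under "When Should I Report a Vulnerability?", the item "For projects with their own vulnerability reporting and disclosure process, please report it directly there" qualifies the preceding bullet about dependencies rather than giving another reason to report, so make sure it renders nested under that bullet or fold it into the same sentence.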