nodejs
/
docker-node
mirror of https://github.com/nodejs/docker-node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: Add initial SECURITY.md

This commit is contained in:
Nick Schonning 2019-10-30 18:07:31 -04:00
parent 8f85325f18
commit 7d4ac18498
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
SECURITY.md Normal file
View File

@ -0,0 +1,12 @@
# Security Policy
## Reporting a Vulnerability
Security issues relating to Node.js project should follow the process documented on <https://nodejs.org/en/security/>.
CVEs for the base image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repos.
- [Alpine](https://github.com/alpinelinux/docker-alpine)
- [Debian (buster, jessie, stretch)](https://github.com/debuerreotype/docker-debian-artifacts)
When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in <https://github.com/docker-library/faq/#why-does-my-security-scanner-show-that-an-image-has-cves>.