13 lines
711 B
Markdown
13 lines
711 B
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Security issues relating to Node.js project should follow the process documented on <https://nodejs.org/en/security/>.
|
|
|
|
CVEs for the base image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repos.
|
|
|
|
- [Alpine](https://github.com/alpinelinux/docker-alpine)
|
|
- [Debian (buster, bullseye, bookworm)](https://github.com/debuerreotype/docker-debian-artifacts)
|
|
|
|
When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in <https://github.com/docker-library/faq/#why-does-my-security-scanner-show-that-an-image-has-cves>.
|