
Commit 223cbcd

add security.md (#105)
chore: Part of kserve/community#42

#### Motivation

#### Modifications

#### Result

Signed-off-by: Filippe <[email protected]>
1 parent cd6e022 commit 223cbcd

File tree

1 file changed

+49
-0
lines changed


SECURITY.md

Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,49 @@
1+
## Supported Versions
2+
3+
KServe actively maintains and provides security updates for the latest major release and the preceding major release. Users are encouraged to stay updated with the latest releases to benefit from security patches and improvements.
4+
5+
## Reporting a Vulnerability
6+
7+
We strongly encourage you to report security vulnerabilities privately, before disclosing them in any public forums. Only the active maintainers and KServe security group members will receive the reported security vulnerabilities and the issues are treated as top priority.
8+
9+
You can use the following ways to report security vulnerabilities privately:
10+
11+
- Using the KServe repository [GitHub Security Advisory](https://github.com/kserve/kserve/security/advisories/new).
12+
- Using our private security mailing list: [email protected].
13+
14+
Please provide detailed information to help us understand and address the issue promptly.
15+
16+
## Disclosure Process
17+
18+
**Acknowledgment**: We will acknowledge receipt of your report within 5 business days.
19+
20+
**Assessment**: The security team will investigate the reported issue to determine its validity and severity.
21+
22+
**Resolution**: If the issue is confirmed, we will work on a fix and prepare a release.
23+
24+
**Notification**: Once a fix is available, we will notify the reporter and coordinate a public disclosure.
25+
26+
**Public Disclosure**: Details of the vulnerability and the fix will be published in the project's release notes and communicated through appropriate channels.
27+
28+
## Prevention Mechanisms
29+
30+
KServe employs several measures to prevent security issues:
31+
32+
**Code Reviews**: All code changes are reviewed by maintainers to ensure code quality and security.
33+
34+
**Dependency Management**: Regular updates and monitoring of dependencies to address known vulnerabilities.
35+
36+
**Continuous Integration**: Automated testing and security checks are integrated into the CI/CD pipeline.
37+
38+
**Image Scanning**: Container images are scanned for vulnerabilities.
39+
40+
**Static Analysis**: Static code analysis tools are used to identify potential security issues in the codebase.
41+
42+
## Communication Channels
43+
For general questions and discussions, please use the following channels:
44+
45+
**Slack**: Join the [KServe Slack channel](https://kserve.github.io/website/latest/community/get_involved/#become-a-contributor) for real-time communication.
46+
47+
**GitHub Discussions**: https://github.com/kserve/kserve/discussions
48+
49+
Please do not report security vulnerabilities through public channels. Use the private email address provided above to ensure responsible disclosure.
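Review bot: the closing paragraph ("Use the private email address provided above") points reporters at the mailing list only, while the "Reporting a Vulnerability" section lists the GitHub Security Advisory form first; reword it to "use the private channels listed above" so the advisory route is not read as discouraged. Two smaller gaps in the same hunk: "Supported Versions" states the policy in prose without a table of which releases currently receive fixes, which is what a reporter or operator checks first, and "Disclosure Process" gives a 5-business-day acknowledgment target but no target for fix delivery or a maximum embargo window before public disclosure, so a reporter cannot tell when coordinated disclosure is expected to complete.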
