Expose security policy in project readme

astronomer · Dec 16, 2024 · dfe4a9a · dfe4a9a
1 parent ca34465
commit dfe4a9a
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/README.rst b/README.rst
@@ -88,3 +88,11 @@ This project follows `Astronomer's Privacy Policy <https://www.astronomer.io/pri
 
 .. image:: https://static.scarf.sh/a.png?x-pxid=ae43a92a-5a21-4c77-af8b-99c2242adf93
    :target: https://static.scarf.sh/a.png?x-pxid=ae43a92a-5a21-4c77-af8b-99c2242adf93
+
+
+Security Policy
+---------------
+
+Check the project's `Security Policy <https://github.com/astronomer/astronomer-cosmos/blob/main/SECURITY>`_ to learn
+how to report security vulnerabilities in Astronomer Cosmos and how security issues reported to the Astronomer Cosmos
+security team are handled.
diff --git a/SECURITY.rst b/SECURITY.rst
@@ -31,15 +31,15 @@ In-scope
 ........
 
 * Code base with tagged releases
-* When integrated as specified in the following documentation TODO.
+* When integrated as specified in the `official Astronomer Cosmos documentation <https://astronomer.github.io/astronomer-cosmos/>`_.
 
 Out-of-scope
 ............
 
 * Any other codebase, including Astronomer products
 * Astronomer.io website
 * Dependencies used in Astronomer Cosmos
-* Astronomer Cosmos when modified or run in a configuration not intended
+* Astronomer Cosmos when modified or run using a not intended configuration
 * Other systems integrated with or CSP systems hosting the deployment
 * Cookie transfers between browsers
 
@@ -120,4 +120,5 @@ disclosure program, and you have complied with our vulnerability disclosure poli
 that your actions were conducted in compliance with this policy.
 This is not, and should not be understood as, any agreement on our part to defend, indemnify, or otherwise protect you
 from any third-party action based on your actions.
+
 You are expected, as always, to comply with all applicable laws.
diff --git a/docs/index.rst b/docs/index.rst
@@ -146,3 +146,11 @@ This project follows `Astronomer's Privacy Policy <https://www.astronomer.io/pri
 .. raw:: html
 
     <img referrerpolicy="no-referrer-when-downgrade" src="https://static.scarf.sh/a.png?x-pxid=ac335a8b-a9f3-49e6-9e8e-a7ec614fb794" />
+
+
+Security Policy
+---------------
+
+Check the project's `Security Policy <https://github.com/astronomer/astronomer-cosmos/blob/main/SECURITY>`_ to learn
+how to report security vulnerabilities in Astronomer Cosmos and how security issues reported to the Astronomer Cosmos
+security team are handled.