
Add security policy #1385

Merged
merged 28 commits into from
Dec 18, 2024

Conversation

@tatiana (Collaborator) commented Dec 12, 2024

A security policy provides guidelines for evaluating and mitigating security risks.

The idea of a security policy in software is familiar; many large open-source projects understand the need to define policies and procedures for reporting security issues. Some even have dedicated teams to handle security issues. Forges like GitHub actively promote adding a SECURITY.rst or SECURITY.md file in the code repository that explains how to report security issues.

This task aims to add the first version of a security policy for Cosmos, following @chaosmawi's recommendations.

Co-authored-by: Joshua Domagalski [email protected]

codecov bot commented Dec 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.28%. Comparing base (6d4a239) to head (1acfcd1).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1385   +/-   ##
=======================================
  Coverage   96.28%   96.28%           
=======================================
  Files          68       68           
  Lines        4150     4150           
=======================================
  Hits         3996     3996           
  Misses        154      154           


@tatiana tatiana force-pushed the add-security-policy branch from 24219dd to 561a71e on December 16, 2024 14:20

cloudflare-workers-and-pages bot commented Dec 16, 2024

Deploying astronomer-cosmos with Cloudflare Pages

Latest commit: 1acfcd1
Status: ✅  Deploy successful!
Preview URL: https://24bae40a.astronomer-cosmos.pages.dev
Branch Preview URL: https://add-security-policy.astronomer-cosmos.pages.dev


@tatiana tatiana force-pushed the add-security-policy branch from 561a71e to dfe4a9a on December 16, 2024 14:20
@tatiana tatiana marked this pull request as ready for review December 16, 2024 14:59
@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Dec 16, 2024
@tatiana tatiana modified the milestones: Cosmos 1.10.0, Cosmos 1.8.0 Dec 16, 2024
@dosubot dosubot bot added the area:docs Relating to documentation, changes, fixes, improvement label Dec 16, 2024
@chaosmaw (Collaborator) commented
@tatiana - I added one comment/recommended change. Otherwise, gtg to me.

@lzdanski (Contributor) left a comment

Copyediting review!

Co-authored-by: Laura Zdanski <[email protected]>
tatiana and others added 4 commits December 17, 2024 11:03
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
tatiana and others added 4 commits December 17, 2024 11:04
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
@lzdanski (Contributor) left a comment

@tatiana - I'm happy to re-review if you'd like further copyediting, but I don't want that to block you when you're ready to merge. To a couple of your questions:

  • I think that you might be able to remove "response timeframe" entirely if there isn't a policy or compliance reason to have that as a section.
  • I did think that Josh's comment had some important nuance we weren't quite getting in the current format, so I edited that section to add his recommendation.
  • I'm going to go ahead and approve the PR because my suggestions are pretty minor and I think that you're at a good place to merge as-is, and will still be ok after addressing Jarek's comments.

Co-authored-by: Pankaj Singh <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
tatiana and others added 2 commits December 18, 2024 14:37
Co-authored-by: Jarek Potiuk <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
tatiana and others added 2 commits December 18, 2024 14:38
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Pankaj Singh <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
@tatiana tatiana merged commit 0edb07d into main Dec 18, 2024
63 checks passed
@tatiana tatiana deleted the add-security-policy branch December 18, 2024 15:03