Add security policy #1385
Conversation
Codecov Report: All modified and coverable lines are covered by tests ✅

Coverage Diff (main vs #1385):

              main     #1385    +/-
  Coverage    96.28%   96.28%
  Files       68       68
  Lines       4150     4150
  Hits        3996     3996
  Misses      154      154

☔ View full report in Codecov by Sentry.
Force-pushed from 24219dd to 561a71e (Compare)
Deploying astronomer-cosmos with Cloudflare Pages
Force-pushed from 561a71e to dfe4a9a (Compare)
@tatiana - I added one comment/recommended change. Otherwise, gtg to me.
Copyediting review!
Co-authored-by: Laura Zdanski <[email protected]>
@tatiana - I'm happy to re-review if you'd like further copyediting, but I don't want that to block you when you're ready to merge. To a couple of your questions:
- I think that you might be able to remove "response timeframe" entirely if there isn't a policy or compliance reason to have that as a section.
- I did think that Josh's comment had some important nuance we weren't quite getting in the current format, so I edited that section to add his recommendation.
- I'm going to go ahead and approve the PR because my suggestions are pretty minor and I think that you're at a good place to merge as-is, and will still be ok after addressing Jarek's comments.
Co-authored-by: Pankaj Singh <[email protected]>
Co-authored-by: Laura Zdanski <[email protected]>
Co-authored-by: Jarek Potiuk <[email protected]>
A security policy provides guidelines for evaluating and mitigating security risks.
The idea of a security policy in software is familiar; many large open-source projects understand the need to define policies and procedures for reporting security issues. Some even have dedicated teams to handle security issues. Forges like GitHub actively promote adding a SECURITY.rst or SECURITY.md file in the code repository that explains how to report security issues.

This task aims to add the first version of a security policy for Cosmos, following @chaosmawi's recommendations.
Co-authored-by: Joshua Domagalski <[email protected]>