Commit
1 parent 4163c30, commit f0363e5
Showing 1 changed file with 49 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
We actively maintain and support the following versions of the project: | ||
|
||
| Version | Supported | | ||
|-----------|--------------------| | ||
| `1.x.x` | :white_check_mark: | | ||
| `< 1.0.0` | :x: | | ||
|
||
Please make sure to update to the latest version to ensure you're using the most secure version of our software. | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you find a vulnerability in our project, please report a security issue, please use the GitHub Security Advisory | ||
["Report a Vulnerability"](https://github.com/zavoloklom/docker-compose-linter/security/advisories/new) tab. | ||
|
||
Include as much information as possible about the vulnerability: | ||
|
||
- A detailed description of the vulnerability. | ||
- Steps to reproduce the issue. | ||
- Potential impact of the vulnerability (e.g., data leak, privilege escalation). | ||
- Any potential fixes or mitigation steps you've found. | ||
|
||
We aim to respond to security reports within 48 hours and provide a timeline for addressing the issue within a week. | ||
|
||
Once the issue is resolved, we will provide an acknowledgment in the release notes (unless you prefer to remain | ||
anonymous). | ||
|
||
## Security Best Practices | ||
|
||
To help ensure the security of your usage of this project, we recommend the following: | ||
|
||
- Always use the latest version of the software. | ||
- Avoid using the `latest` tag when pulling images. Instead, specify exact versions. | ||
- Regularly audit dependencies for security vulnerabilities. | ||
- Follow the principle of least privilege when configuring access. | ||
|
||
## Responsible Disclosure Policy | ||
|
||
We follow a responsible disclosure policy to ensure that security vulnerabilities are handled appropriately. We ask that | ||
you: | ||
|
||
- Privately notify us of the issue before making any public disclosure. | ||
- Allow a reasonable amount of time for us to address the vulnerability before you disclose it publicly. | ||
|
||
We appreciate your contributions to making our project more secure. Thank you for working with us to protect the | ||
community. |
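Review bot: the first sentence under "Reporting a Vulnerability" reads as a half-finished edit ("please report a security issue, please use the GitHub Security Advisory ... tab") and should be collapsed into one instruction, e.g. "If you find a vulnerability in our project, please report it through the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/zavoloklom/docker-compose-linter/security/advisories/new) tab." Two smaller points in the same file: the "Supported Versions" table says `1.x.x` is supported but the surrounding text asks users to "update to the latest version", so it is worth stating whether fixes are backported to older `1.x` minors or only shipped in the newest release; and the "Security Best Practices" item about avoiding the `latest` tag would be more actionable if it named what to pin to instead (a specific version tag, or an image digest for reproducible pulls), since "specify exact versions" alone still leaves a mutable tag.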