Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion SECURITY.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,18 @@
# Security Process for kube-bind

TBD
## Reporting a Vulnerability

kube-bind uses GitHub to allow submission of private security reports. Please report any security finding via
[this link](https://github.com/kube-bind/kube-bind/security/advisories/new).
Maintainers will triage your report as soon as possible and get in touch with you via your report in case they have more questions.

As a security researcher, please report vulnerabilities to kube-bind in a [coordinated vulnerability disclosure (CVD)](https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html)
fashion.

In return, maintainers pledge to engage in good faith and collaborate with security researchers to address and publish vulnerabilities found in kube-bind as soon as possible. We will not pursue or support legal action for good‑faith security research that adheres to this policy and avoids privacy violations, data exfiltration, or service disruption.

Please understand that the maintainers also do not accept results of dependency scanners without proof that the detected CVE / vulnerability can be used against kube-bind.

## Security Advisories

Advisories are managed through GitHub Security Advisories. Where applicable, we request CVE IDs via GitHub’s CNA during the advisory process and credit reporters upon release. Please visit [Security Advisories](https://github.com/kube-bind/kube-bind/security/advisories) to review security bulletins published by the maintainers.