fe901f4dfb
- [x] DELETE OWNERS file, not parsed, only used for bookkeeping, CODEOWNERS does this - [x] update CODEOWNERS to people who have committed in the last year - [x] create EMERITUS.md to list former CODEOWNERS and thank them for their contribution - [x] create SECURITY.md so people know how to report security issues - [x] turn on private vulnerability reporting in the repository - [x] create CODE_OF_CONDUCT.md linking to CNCF code of conduct By adding a code of conduct and security file we can set our Community Standards to 100% [here](https://github.com/argoproj/argo-helm/community) Signed-off-by: jmeridth <jmeridth@gmail.com> Co-authored-by: Marko Bevc <marko@scalefactory.com>
1.4 KiB
1.4 KiB
Security Policy
Supported Versions and Upstream Reporting
Each helm chart currently supports the designated application version in the Chart.yaml. There is a chance a security issue you've discovered may not be with the helm chart but with the upstream application. Please visit that application's Security policy docueent to find out how to report the security issue.
- Security Policy for Argo Workflows
- Security Policy for Argo Events
- Security Policy for Argo Rollouts
- Security Policy for Argo CD
- Security Policy for Argo CD Image Updater
Reporting a Vulnerability for Argo Helm Charts
We have enabled the ability to privately report security issues through the Security tab above.
Here are the details on how to file on how to do that
A repository owner/maintainer will respond as fast as possible to coordinate confirmation of issue and remediation.
Thank you for helping to ensure this code stays secure.