From 3d53a5e667bebbaad09c4ad517506038b22e4108 Mon Sep 17 00:00:00 2001 From: Samuel Kelemen Date: Mon, 30 Sep 2024 16:05:35 +0200 Subject: [PATCH] docs(security): add Security Policy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Anton Sapozhnikov Co-authored-by: Patrik Nordlén Co-authored-by: Samuel Kelemen --- .github/codecov.yml | 2 +- .github/workflows/ci.yml | 2 +- SECURITY.md | 41 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 SECURITY.md diff --git a/.github/codecov.yml b/.github/codecov.yml index a975e82..6c4afa0 100644 --- a/.github/codecov.yml +++ b/.github/codecov.yml @@ -1,5 +1,5 @@ codecov: - require_ci_to_pass: yes + require_ci_to_pass: no ignore: - internal/examples/proto/gen diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1b0be68..aeb3f0e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,4 +18,4 @@ jobs: uses: codecov/codecov-action@v3 with: file: .sage/build/go/coverage/go-test.txt - fail_ci_if_error: true + fail_ci_if_error: false diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..cb13c98 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,41 @@ +# Security Policy + +Einride welcomes feedback from security researchers and the general public to +help improve our security. If you believe you have discovered a vulnerability, +privacy issue, exposed data, or other security issues in relation to this +project, we want to hear from you. This policy outlines steps for reporting +security issues to us, what we expect, and what you can expect from us. + +## Supported versions + +We release patches for security issues according to semantic versioning. This +project is currently unstable (v0.x) and only the latest version will receive +security patches. + +## Reporting a vulnerability + +Please do not report security vulnerabilities through public issues, +discussions, or change requests. + +Please report security issues via [oss-security@einride.tech][email]. Provide +all relevant information, including steps to reproduce the issue, any affected +versions, and known mitigations. The more details you provide, the easier it +will be for us to triage and fix the issue. You will receive a response from us +within 2 business days. If the issue is confirmed, a patch will be released as +soon as possible. + +For more information, or security issues not relating to open source code, +please consult our [Vulnerability Disclosure Policy][vdp]. + +## Preferred languages + +English is our preferred language of communication. + +## Contributions and recognition + +We appreciate every contribution and will do our best to publicly +[acknowledge][acknowledgments] your contributions. + +[acknowledgments]: https://einride.tech/security-acknowledgments.txt +[email]: mailto:oss-security@einride.tech +[vdp]: https://www.einride.tech/vulnerability-disclosure-policy