Skip to content

First pass at a security document #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
majormoses wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

First pass at a security document #6

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Security Policy

## Supported Versions

We support all versions of [non EOL rubies](https://docs.sensu.io/plugins/1.0/faq/#what-is-the-policy-on-supporting-end-of-life-eol-ruby-versions) and other respective languages. That being said we typically only roll forward on the latest major release version unless there is something truly horrifying. For information on [how we version](https://github.com/sensu-plugins/community/blob/master/HOW_WE_VERSION.md)

## Reporting a Vulnerability

Not all issues are equal and we understand that; currently we do not have a public program beyond github issues and pull requests. If you feel the issue is sensitive enough that it requires private disclosure please get in touch with Ben Abrams via [email](mailto:me@benabrams.it) or contact him through his [website](https://benabrams.it/contact/). There is no guarantee you will recieve any bounty and is currently at the discretion of the maintainers and the community. We would evcentually like to pay for bounties

Things to consider before submitting an issue:
- Does this require private disclosure due to high impact and low effort to exploit?
- Has this been reported on the specific plugin repo or the [community repo](https://github.com/sensu-plugins/community/issues)?
- Does it relate to an existing CVE? Does this require a new CVE?
- Does this affect all plugins or a single plugin? If all plugins please raise the issue on the [community](https://github.com/sensu-plugins/community)
- How does this impact a user? Development only dependencies for example will have lower impact as they will not be called during the runtime of the process

Material to review prior to submitting:
- [Pull Request Process](https://github.com/sensu-plugins/community/blob/master/PULL_REQUEST_PROCESS.md)
- [How we communicate change](https://github.com/sensu-plugins/community/blob/master/HOW_WE_CHANGELOG.md) and [how we version](https://github.com/sensu-plugins/community/blob/master/HOW_WE_VERSION.md)


Thank you for all your hard work to make the world more secure!