Add security.md and introduce a policy enabling users to report secur…

…ity issues. (#6)
canonical · Nov 21, 2024 · ede7d38 · ede7d38
1 parent 92fb91f
commit ede7d38
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1 @@
+*               @canonical/kubernetes
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a security issue, please follow the steps below:
+
+Using GitHub, file a [Private Security Report](https://github.com/canonical/metrics-server-rock/security/advisories/new) with:
+- A description of the issue
+- Steps to reproduce the issue
+- Affected versions of the `metrics-server-rock` package
+- Any known mitigations for the issue
+
+The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy) contains more information about what to expect during this process and our requirements for responsible disclosure.
+
+Thank you for contributing to the security and integrity of the `metrics-server-rock`!