Update SECURITY.md (#2822)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Avgustin Marinov
2025-11-19 11:38:36 +02:00
committed by GitHub
parent 018a18850c
commit 4846587aee
2 changed files with 19 additions and 8 deletions


@@ -4,8 +4,8 @@ on:
# enable running the workflow manually
workflow_dispatch:
schedule:
# run every night at 2:00 AM (UTC)
- cron: '0 2 * * *'
# run every Monday at 2:00 AM (UTC), 429 when querying ClearlyDefined too frequently
- cron: '0 2 * * 1'
permissions:
contents: write
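Review bot: the `cron` change from `'0 2 * * *'` to `'0 2 * * 1'` is not covered by the commit title "Update SECURITY.md"; mention the schedule change in the commit message or move it to its own commit so the drop from nightly to weekly runs can be found in history. The new comment also runs the schedule and its reason together in one clause; if the 429 responses are the reason for the change, splitting it into two comment lines (one for the schedule, one stating that more frequent queries to ClearlyDefined return 429) would read more clearly. With the job now weekly, a short comment noting that `workflow_dispatch` is the way to run it on demand between scheduled runs would also help.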


@@ -1,7 +1,18 @@
# Reporting a Security Vulnerability
# Security Policy
If you find a vulnerability, **DO NOT** disclose it in the public immediately! Instead, give us the possibility to fix
it beforehand.
So please dont report your finding using GitHub issues and better head over
to [https://eclipse.org/security](https://eclipse.org/security) and learn how to disclose a vulnerability in a safe and
responsible manner
Eclipse hawkBit follows the [Eclipse Foundation Security Policy](https://www.eclipse.org/security/policy.php). Vulnerabilities are tracked by the hawkBit project leads, in cooperation with the Eclipse security team. Fixing vulnerabilities is taken care of by the hawkBit project committers, with assistance and guidance of the security team.
## Supported Versions
Eclipse hawkBit provides security updates for the two most recent minor versions.
These versions of Eclipse hawkBit are currently being supported with security updates.
| Version | Supported |
|---------| ------------------ |
## Reporting a Vulnerability
If you identify a potential vulnerability, **DO NOT** publicly disclose it immediately! Instead, give the Eclipse hawkBit team sufficient time to investigate and address the issue appropriately.
So, please **DO NOT** report your finding using GitHub issues. Instead, please submit your report through [hawkBit GitHub Security](https://github.com/eclipse-hawkbit/hawkbit/security) using the `Report a vulnerability` feature.
_For further information regarding the responsible disclosure of security vulnerabilities within the Eclipse Foundation, please refer to [Security at the Eclipse Foundation](https://eclipse.org/security)._
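Review bot: the table under `## Supported Versions` has only its header (`| Version | Supported |`) and separator row, with no version rows, so the sentence "These versions of Eclipse hawkBit are currently being supported with security updates." points at nothing. Either add the rows for the two most recent minor versions or drop the table and that sentence, leaving the "two most recent minor versions" rule as the statement of support. In the reporting section, consider also stating what a reporter should include and what response time to expect, since the text asks for "sufficient time" without saying what the project commits to in return.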