Add SECURITY.md fle

Signed-off-by: Surya Seetharaman <[email protected]>
openshift · Apr 2, 2024 · cfe558b · cfe558b
1 parent 105d8a8
commit cfe558b
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,10 @@
+# Security Policy
+
+OVNKubernetes repo uses the [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) which does automatic security updates by scanning the repo and opening PRs to update the effected libraries.
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please use the [Private Vulnerability Reporting Feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability)
+on GitHub. We will endevour to respond within 48hrs of reporting.
+If a vulnerability is reported but considered low priority it may be converted into an issue and handled on the public issue tracker.
+Should a vulnerability be considered severe we will endeavour to patch it within 48hrs of acceptance, and may ask for you to collaborate with us on a temporary private fork of the repository.