Commit 27ea034

Create SECURITY.md
1 parent 82ad990 commit 27ea034

1 file changed

+38
-0
lines changed

SECURITY.md

+38
@@ -0,0 +1,38 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
We maintain security updates and support for the following versions of `k8s-pod-cpu-stressor`:
6+
7+
| Version | Supported |
8+
| ------- | ------------------ |
9+
| 1.x | :white_check_mark: |
10+
| < 1.0 | :x: |
11+
12+
Please ensure you are running a supported version to benefit from security patches.
13+
14+
## Reporting a Vulnerability
15+
16+
If you discover a vulnerability in this project, please follow these steps to report it securely:
17+
18+
1. **Do not open a public issue** on GitHub, as this may expose the vulnerability to others before it can be addressed.
19+
2. Contact us by sending an email to [[email protected]](mailto:[email protected]) with the details of the vulnerability, including steps to reproduce it, affected versions, and potential impact.
20+
3. Please allow us **at least 90 days** to investigate and apply a fix before disclosing the issue publicly.
21+
22+
We will work to acknowledge your report within **7 days** and provide an estimated timeline for a fix.
23+
24+
## Security Best Practices for Users
25+
26+
To help ensure the security of your Kubernetes environment, consider the following when using `k8s-pod-cpu-stressor`:
27+
28+
- **Namespace Isolation**: Run the tool in a dedicated namespace to limit any potential impact.
29+
- **Permissions**: Grant minimal permissions needed for the pod to run. Avoid giving it elevated privileges unless explicitly necessary.
30+
- **Network Policies**: Apply appropriate network policies to restrict access to and from the pods running this tool.
31+
32+
## Responsible Disclosure Policy
33+
34+
We believe in and support responsible disclosure. If you report a vulnerability and work with us constructively, we are committed to acknowledging your contributions in the release notes or other appropriate acknowledgments (with your permission).
35+
36+
## Contact
37+
38+
If you have general security concerns or questions, please contact the maintainers at [[email protected]](mailto:[email protected]).
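
Review bot: The "Security Best Practices for Users" list (new lines 28-30) covers namespace isolation, permissions and network policies but never mentions bounding the CPU the pod may consume, which is the most direct risk of running a tool named `k8s-pod-cpu-stressor` on a shared cluster. Suggest adding a bullet that recommends setting CPU requests and limits on the pod and a ResourceQuota or LimitRange on the dedicated namespace. The "Permissions" bullet would also be more actionable if it said what "minimal" means in practice, for example running as non-root, disallowing privilege escalation, and not mounting a service account token if the tool does not call the Kubernetes API. Separately, line 16 asks reporters to report "securely" but step 2 on line 19 offers only plain email; consider publishing a PGP key or pointing to GitHub's private vulnerability reporting as an alternative channel. It would also help to state whether the address in "Contact" (line 38) is monitored on the same 7-day acknowledgement target given on line 22.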