Commit 252de71

Merge pull request parca-dev#80 from parca-dev/update_security_docs
docs: Update security docs
2 parents 6b5b54d + 8486bdb commit 252de71

1 file changed

+11
-1
lines changed
docs/security.md

+11-1
@@ -32,8 +32,18 @@ Read more on CO-RE and libbpf:
3232

3333
We intend to soon provide signatures of release artifacts via [sigstore](https://sigstore.dev/). See [parca-dev/parca-agent#16](https://github.com/parca-dev/parca-agent/issues/16) for more details and progress.
3434

35+
## Automated code scanning
36+
37+
Parca Agent uses automated code scanning to analyze the code in Parca Agent repository to find security vulnerabilities and coding errors.
38+
Any problems identified by the analysis are shown in review process, thanks to [CodeQL](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning).
39+
40+
## Automated dependency updates
41+
42+
Parca Agent supply chain uses [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates) to constantly keep the dependencies up-to-date against any security vulnerabilities.
43+
3544
## Report Security Vulnerabilities
3645

37-
As with any complex system, it is near certain that bugs will be found, some of them security-relevant. If you find a security bug, please report it privately to the [email protected] mailing list. We will fix the issue as soon as possible and coordinate a release date with you. You will be able to choose if you want public acknowledgement of your effort and if you want to be mentioned by name.
46+
As with any complex system, it is near certain that bugs will be found, some of them security-relevant. If you find a security bug, please report it privately to the [[email protected]](mailto:[email protected]) mailing list.
47+
We will fix the issue as soon as possible and coordinate a release date with you. You will be able to choose if you want public acknowledgement of your effort and if you want to be mentioned by name.
3848

3949
Parca is maintained by volunteers, not by a company. Therefore, fixing security issues is done on a best-effort basis. We strive to release security fixes within 7 days.
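Review bot: the "Automated dependency updates" paragraph overstates what the linked feature does. The link points at Dependabot *security updates*, which only open pull requests for dependencies that have a published advisory in the GitHub Advisory Database; it does not keep every dependency current, and it does nothing for vulnerabilities without an advisory. Suggest narrowing "constantly keep the dependencies up-to-date against any security vulnerabilities" to "open pull requests to bump dependencies that have a known security advisory", and, if the repository also runs Dependabot version updates, say so and link that separately. Two grammar fixes in the "Automated code scanning" paragraph: "the code in Parca Agent repository" → "the code in the Parca Agent repository", and "shown in review process" → "surfaced during pull-request review". Finally, both new sections describe checks that run against the repository source, not against released artifacts; a sentence making that explicit would keep readers from reading them as a substitute for the sigstore release signatures promised in the paragraph just above.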
