📚 Add Secure development knowledge section to SECURE.md file (#1751)

* Update SECURE.md file with Secure development knowledge section * Fix albumentation tests * Fix albumentation tests
openvinotoolkit · Feb 26, 2024 · cbb623e · cbb623e
1 parent 8a67e1e
commit cbb623e
Showing 1 changed file with 31 additions and 5 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,6 +1,32 @@
 # 🔒 Security Policy
 
-Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
+Intel is committed to rapidly addressing security vulnerabilities affecting our
+customers and providing clear guidance on the solution, impact, severity, and
+mitigation.
+
+## Security Tools and Practices
+
+### Integrated Security Scanning with Bandit and Trivy
+
+To ensure our codebase remains secure, we leverage GitHub Actions for continuous
+security scanning with the following tools:
+
+- **Bandit:** Automatically scans our Python code for common security issues,
+  helping us identify and mitigate potential vulnerabilities proactively.
+- **Trivy:** Integrated into our CI/CD pipeline via GitHub Actions, Trivy scans
+  our project's dependencies and container images for known vulnerabilities,
+  ensuring our external components are secure.
+
+These integrations ensure that every commit and pull request is automatically
+checked for security issues, allowing us to maintain a high security standard
+across our development lifecycle.
+
+### External Security Scanning with Checkmarx
+
+In addition to our integrated tools, we utilize Checkmarx for static application
+security testing (SAST). This comprehensive analysis tool is run externally to
+scrutinize our source code for security vulnerabilities, complementing our
+internal security measures with its advanced detection capabilities.
 
 ## 🚨 Reporting a Vulnerability
 
@@ -18,10 +44,10 @@ can:
 
 We encourage users to report security issues and contribute to the security of
 our project 🛡️. Contributions can be made in the form of code reviews, pull
-requests, and constructive feedback.
-Refer to our [CONTRIBUTING.md](CONTRIBUTING.md) for more details.
+requests, and constructive feedback. Refer to our
+[CONTRIBUTING.md](CONTRIBUTING.md) for more details.
 
 ---
 
-> **NOTE:** This security policy is subject to change 🔁. Users are encouraged to check this
-> document periodically for updates.
+> **NOTE:** This security policy is subject to change 🔁. Users are encouraged
+> to check this document periodically for updates.