From cbb623e33876e446b7788375cc355e3a3dd44cef Mon Sep 17 00:00:00 2001 From: Samet Akcay Date: Mon, 26 Feb 2024 06:03:01 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9A=20Add=20Secure=20development=20kno?= =?UTF-8?q?wledge=20section=20to=20`SECURE.md`=20file=20(#1751)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update SECURE.md file with Secure development knowledge section * Fix albumentation tests * Fix albumentation tests --- SECURITY.md | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index dfac186ea5..b97acc7e57 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,6 +1,32 @@ # 🔒 Security Policy -Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. +Intel is committed to rapidly addressing security vulnerabilities affecting our +customers and providing clear guidance on the solution, impact, severity, and +mitigation. + +## Security Tools and Practices + +### Integrated Security Scanning with Bandit and Trivy + +To ensure our codebase remains secure, we leverage GitHub Actions for continuous +security scanning with the following tools: + +- **Bandit:** Automatically scans our Python code for common security issues, + helping us identify and mitigate potential vulnerabilities proactively. +- **Trivy:** Integrated into our CI/CD pipeline via GitHub Actions, Trivy scans + our project's dependencies and container images for known vulnerabilities, + ensuring our external components are secure. + +These integrations ensure that every commit and pull request is automatically +checked for security issues, allowing us to maintain a high security standard +across our development lifecycle. + +### External Security Scanning with Checkmarx + +In addition to our integrated tools, we utilize Checkmarx for static application +security testing (SAST). This comprehensive analysis tool is run externally to +scrutinize our source code for security vulnerabilities, complementing our +internal security measures with its advanced detection capabilities. ## 🚨 Reporting a Vulnerability 
@@ -18,10 +44,10 @@ can: We encourage users to report security issues and contribute to the security of our project 🛡️. Contributions can be made in the form of code reviews, pull -requests, and constructive feedback. -Refer to our [CONTRIBUTING.md](CONTRIBUTING.md) for more details. +requests, and constructive feedback. Refer to our +[CONTRIBUTING.md](CONTRIBUTING.md) for more details. --- -> **NOTE:** This security policy is subject to change 🔁. Users are encouraged to check this -> document periodically for updates. +> **NOTE:** This security policy is subject to change 🔁. Users are encouraged +> to check this document periodically for updates.
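Review bot: The new "Security Tools and Practices" section in the first hunk states that Bandit and Trivy run "via GitHub Actions" on "every commit and pull request", but nothing in the text points to the workflow that does this; add a link to the workflow definition under `.github/workflows/` (path to be confirmed by the author) so a reader can verify that the scans are actually enforced and whether findings block a merge. Two wording points in the same hunk: "ensuring our external components are secure" overstates what a dependency/image scanner provides (Trivy reports known vulnerabilities in the versions it sees; it cannot ensure the components are secure), so "for known vulnerabilities in our dependencies and container images" is the defensible claim; and the Checkmarx paragraph says the SAST run is "external" without saying how often it runs or how its findings reach the project, which is the information a reporter reading this policy would want. Separately, the subject line refers to `SECURE.md` and the body lists two "Fix albumentation tests" entries, while the diff only touches `SECURITY.md`; the commit message should match the change.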