Merge pull request #79 from catenax-ng/TRG-7.01-Legal-Documentation-78

Trg 7.01 legal documentation, issue #78 fix
eclipse-tractusx · Nov 23, 2023 · ec10e80 · ec10e80
2 parents d32f42f + 95bf685
commit ec10e80
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/.github/workflows/sdfactorypipeline.yml b/.github/workflows/sdfactorypipeline.yml
@@ -95,4 +95,4 @@ jobs:
         # readme-filepath: path/to/dedicated/notice-for-docker-image.md 
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
-          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -50,4 +50,4 @@ jobs:
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: "trivy-results.sarif"
+          sarif_file: "trivy-results.sarif"
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,5 +2,18 @@
 
 ## Reporting a Vulnerability
 
-Please report a found vulnerability here:
-[https://www.eclipse.org/security/](https://www.eclipse.org/security/)
+Please do **not** report security vulnerabilities through public GitHub issues.
+
+Please report vulnerabilities to this repository via **GitHub security advisories** instead.
+
+How? Inside affected repository --> security tab
+
+for contributor:
+--> Report a vulnerability
+
+for committer:
+--> advisories --> New draft security advisory
+
+In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/
+
+See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability)