Update SECURITY policy (#1155)
shanmydell authored Feb 28, 2024
1 parent da26f69 commit 7e4b5bd
Showing 1 changed file with 3 additions and 7 deletions.
10 changes: 3 additions & 7 deletions docs/SECURITY.md
Expand Up @@ -14,14 +14,10 @@ See the License for the specific language governing permissions and
limitations under the License.
-->

# Security Policy
# Reporting Security Issues/Vulnerabilities

The CSM services/repositories are inspected for security vulnerabilities via [gosec](https://github.com/securego/gosec).
The Dell Container Storage Modules team and community take security bugs seriously. We sincerely appreciate all your efforts and responsibility to disclose your findings.

Every issue detected by `gosec` is mapped to a [CWE (Common Weakness Enumeration)](http://cwe.mitre.org/data/index.html) which describes in more generic terms the vulnerability. The exact mapping can be found at https://github.com/securego/gosec in the issue.go file. The list of rules checked by `gosec` can be found [here](https://github.com/securego/gosec#available-rules).
To report a security issue, please submit the security advisory form ["Report a Vulnerability"](https://github.com/dell/csm/security/advisories/new).

In addition to this, there are various security checks that get executed against a branch when a pull request is created/updated. Please refer to [pull request](/docs/CONTRIBUTING.md#pull-requests) for more information.

## Reporting a Vulnerability

Please report a vulnerability by opening an Issue in this repository.
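
Review bot: The new reporting paragraph (the line beginning "To report a security issue") sends reporters to the private advisory form but gives no acknowledgement timeframe and no fallback contact for someone who cannot use GitHub advisories; consider adding a sentence for each. The +/- markers are not visible in this rendering, so please confirm that "Please report a vulnerability by opening an Issue in this repository." is among the 7 deletions, since leaving it next to the advisory link would document two conflicting channels, one of them public. If the `gosec`/CWE paragraphs and the pointer to the pull request checks are being dropped from docs/SECURITY.md, consider moving them to docs/CONTRIBUTING.md so the description of the scanning that runs on pull requests is not lost.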
