chore: add security.md files

pull/3634/head
shiwen Ji 11 months ago
parent 32f76fddb2
commit bef4a8ddeb

@ -1,45 +0,0 @@
= Contributor Code of Conduct
As contributors and maintainers of this project, and in the interest of fostering an open
and welcoming community, we pledge to respect all people who contribute through reporting
issues, posting feature requests, updating documentation, submitting pull requests or
patches, and other activities.
We are committed to making participation in this project a harassment-free experience for
everyone, regardless of level of experience, gender, gender identity and expression,
sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
religion, or nationality.
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing other's private information, such as physical or electronic addresses,
without explicit permission
* Other unethical or unprofessional conduct
Project maintainers have the right and responsibility to remove, edit, or reject comments,
commits, code, wiki edits, issues, and other contributions that are not aligned to this
Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors
that they deem inappropriate, threatening, offensive, or harmful.
By adopting this Code of Conduct, project maintainers commit themselves to fairly and
consistently applying these principles to every aspect of managing this project. Project
maintainers who do not follow or enforce the Code of Conduct may be permanently removed
from the project team.
This Code of Conduct applies both within project spaces and in public spaces when an
individual is representing the project or its community.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by
contacting a project maintainer at spring-code-of-conduct@pivotal.io . All complaints will
be reviewed and investigated and will result in a response that is deemed necessary and
appropriate to the circumstances. Maintainers are obligated to maintain confidentiality
with regard to the reporter of an incident.
This Code of Conduct is adapted from the
http://contributor-covenant.org[Contributor Covenant], version 1.3.0, available at
http://contributor-covenant.org/version/1/3/0/[contributor-covenant.org/version/1/3/0/]
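Review bot: The commit subject says only "add security.md files", but this hunk deletes the whole Contributor Code of Conduct (45 lines), including the reporting contact spring-code-of-conduct@pivotal.io. State the removal and its reason in the commit message, or move it to its own commit, and confirm that conduct reports still have a documented channel after this change.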

@ -0,0 +1,18 @@
## Reporting Security Issues
The Spring Cloud Alibaba Group takes a rigorous standpoint in annihilating the security issues in its software projects. Spring Cloud Alibaba is highly sensitive and forthcoming to issues pertaining to its features and functionality.
## REPORTING VULNERABILITY
If you have apprehensions regarding Spring Cloud Alibaba's security or you discover vulnerability or potential threat, dont hesitate to get in touch with the Spring Cloud Alibaba Security Team by dropping a mail at [spring-cloud-alibaba@googlegroups.com] (mailto:spring-cloud-alibaba@googlegroups.com). In the mail, specify the description of the issue or potential threat. You are also urged to recommend the way to reproduce and replicate the issue. The Spring Cloud Alibaba community will get back to you after assessing and analysing the findings.
PLEASE PAY ATTENTION to report the security issue on the security email before disclosing it on public domain.
## VULNERABILITY HANDLING
An overview of the vulnerability handling process is:
The reporter reports the vulnerability privately to Apache.
The appropriate project's security team works privately with the reporter to resolve the vulnerability.
A new release of the Apache product concerned is made that includes the fix.
The vulnerability is publically announced.
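Review bot: The steps under "VULNERABILITY HANDLING" name the wrong organisation: "The reporter reports the vulnerability privately to Apache." and "A new release of the Apache product concerned is made" contradict the reporting section, which sends reports to the Spring Cloud Alibaba Security Team. Replace "Apache" with the project's own team so reporters are not misdirected. In the reporting paragraph, the space between "]" and "(mailto:" stops the address from rendering as a Markdown link, and because the address is a googlegroups.com list the text should state whether messages sent to it stay private, given that the policy asks for a report before public disclosure. The four process steps also need list markers, the heading case is inconsistent ("Reporting Security Issues" against "REPORTING VULNERABILITY"), and "dont" and "publically" should be corrected.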