The following versions of the project are currently supported with security updates:

| Version | Supported |
|---|---|
| 0.1.0 | ✅ |
| 0.2.0 | ✅ |

The KubeRocketCI team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings.
To report a security vulnerability, please follow these steps:
- DO NOT disclose the vulnerability publicly on GitHub Issues or other public forums.
- Email us at SupportEPMD-EDP@epam.com with a detailed description of the vulnerability.
- Include steps to reproduce, impact, and any potential mitigations if known.
- Allow time for the team to investigate and address the vulnerability before any public disclosure.

After you submit a report, you can expect:
- Acknowledgment of your report within 48 hours
- An initial assessment of the report within 7 days
- Regular updates about the progress of addressing the vulnerability
- Credit for discovering the vulnerability (unless you prefer to remain anonymous)
We follow a coordinated disclosure process:
- Once a vulnerability is confirmed, we develop and test a fix
- We prepare a security advisory to accompany the fix
- We release the fix and publish the security advisory simultaneously
- After the fix has been available for 10 days, details may be discussed publicly
When deploying the tekton-custom-task controller:
- Use the principle of least privilege for the controller service account
- Keep your Kubernetes and Tekton environments updated with security patches
- Regularly review and audit access to the controller and its resources
Thank you for helping us keep our project and our users secure!