Merge pull request #42 from Aditya-150/main

feat: security and code of conduct addition and slack URL fix
kubearmor · Jan 25, 2024 · f7b0f8b · f7b0f8b
2 parents 874debd + 8e0064d
commit f7b0f8b
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 3 deletions.
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,47 @@
+## Community Code of Conduct v1.0
+
+This is Code of Conduct is based on the [CNCF Code of
+Conduct](https://github.com/cncf/foundation/edit/master/code-of-conduct.md).
+See the referred document for translated versions into different languages. The
+text below is modified with KubeArmor community specific contact details.
+
+### Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering
+an open and welcoming community, we pledge to respect all people who contribute
+through reporting issues, posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for
+everyone, regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
+religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing others' private information, such as physical or electronic addresses,
+  without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are not
+aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers
+commit themselves to fairly and consistently applying these principles to every aspect
+of managing this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project maintainers or our mediator, Nandhini Ananthakalyanaraman
+(<[email protected]>). Individuals found to be in violation of the Code of Conduct may be 
+removed from the project and prevented from future participation.
+
+This Code of Conduct is adapted from the Contributor Covenant
+(http://contributor-covenant.org), version 1.2.0, available at
+http://contributor-covenant.org/version/1/2/0/
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,45 @@
+# Security Policy
+The Maintainers and contributors to KubeArmor take the security of our software seriously. 
+The KubeArmor community has adopted the below security disclosures and response policy to promptly respond to critical issues.
+
+Please do not report security vulnerabilities through public GitHub issues.
+
+## Security bulletins
+For information regarding the security of this project please join our [slack channel](https://join.slack.com/t/kubearmor/shared_invite/zt-2bhlgoxw1-WTLMm_ica8PIhhNBNr2GfA).
+
+## Reporting a Vulnerability
+### When you should?
+- You think you discovered a potential security vulnerability in KubeArmor.
+- You are unsure how a vulnerability affects KubeArmor.
+- You think you discovered a vulnerability in the dependency of KubeArmor. For those projects, please leverage their reporting policy.
+
+### When you should not?
+- You need assistance in configuring KubeArmor for security - please discuss this is in the [slack channel](https://join.slack.com/t/kubearmor/shared_invite/zt-2bhlgoxw1-WTLMm_ica8PIhhNBNr2GfA).
+- You need help applying security-related updates.
+- Your issue is not security-related.
+
+### Please use the below process to report a vulnerability to the project:
+1. Email the **KubeArmor security group at [email protected]**
+
+    * Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+        * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+        * Full paths of the source file(s) related to the manifestation of the issue
+        * Location of the affected source code (tag/branch/commit or direct URL) 
+        * Any special configuration required to reproduce the issue
+        * Step-by-step instructions to reproduce the issue
+        * Proof-of-concept or exploit code (if possible)
+        * Impact of the issue, including how an attacker might exploit the issue
+
+    * These information will help us triage your report more quickly.
+
+2. The project security team will send an initial response to the disclosure in 3-5 days. Once the vulnerability and fix are confirmed, the team will plan to release the fix in 7 to 28 days based on the severity and complexity.
+
+3. You may be contacted by a project maintainer to further discuss the reported item. Please bear with us as we seek to understand the breadth and scope of the reported problem, recreate it, and confirm if there is a vulnerability present.
+
+## Supported Versions
+KubeArmor versions follow [Semantic Versioning](https://semver.org/) terminology and are expressed as x.y.z:
+- where x is the major version
+- y is the minor version
+- and z is the patch version
+
+Security fixes may be backported to some recent minor releases, depending on severity and feasibility. Patch releases are cut from those branches periodically, plus additional urgent releases, when required.
diff --git a/docusaurus.config.js b/docusaurus.config.js
@@ -238,7 +238,7 @@ const config = {
               },
               {
                 label: "Slack",
-                to: "https://join.slack.com/t/kubearmor/shared_invite/zt-1ltmqdbc6-rSHw~LM6MesZZasmP2hAcA/",
+                to: "https://join.slack.com/t/kubearmor/shared_invite/zt-2bhlgoxw1-WTLMm_ica8PIhhNBNr2GfA",
               },
               {
                 label: "LinkedIn",

diff --git a/src/components/HomepageCommunity/index.js b/src/components/HomepageCommunity/index.js
@@ -42,7 +42,7 @@ export default function HomepageCommunity() {
             cardIcon={communityLogo1}
           />
           <Card
-            cardLink="https://join.slack.com/t/kubearmor/shared_invite/zt-1ltmqdbc6-rSHw~LM6MesZZasmP2hAcA/"
+            cardLink="https://join.slack.com/t/kubearmor/shared_invite/zt-2bhlgoxw1-WTLMm_ica8PIhhNBNr2GfA"
             cardData="600+ Members"
             cardTitle="Slack Channel"
             cardIcon={communityLogo2}

diff --git a/src/components/SlackIconButton/index.js b/src/components/SlackIconButton/index.js
@@ -7,7 +7,7 @@ export default function SlackIconButton () {
     return (
       <Link
         className={`slack-icon-button ${styles.button}`}
-        to="https://join.slack.com/t/kubearmor/shared_invite/zt-1ltmqdbc6-rSHw~LM6MesZZasmP2hAcA/"
+        to="https://join.slack.com/t/kubearmor/shared_invite/zt-2bhlgoxw1-WTLMm_ica8PIhhNBNr2GfA"
       >
         <FaSlack color="var(--color-white)" />
         Join Slack