Commit 9e984bf

Create SECURITY.md
1 parent 7d0bbf4 commit 9e984bf

1 file changed: +27 -0 lines changed

SECURITY.md

+27
@@ -0,0 +1,27 @@
1+
# Security Policy
2+
3+
## Reporting a Vulnerability
4+
5+
The Serverless Workflow Rust SDK team and community take security vulnerabilities very seriously. Responsible disclosure of security issues is greatly appreciated, and every effort will be made to acknowledge and address your findings.
6+
7+
To report a security issue:
8+
9+
- **Use the GitHub Security Advisory**: Please use the ["Report a Vulnerability"](https://github.com/serverlessworkflow/sdk-rust/security/advisories/new) tab on GitHub to submit your report.
10+
11+
The team will acknowledge your report and provide details on the next steps. After the initial response, the security team will keep you informed of the progress towards a fix and any subsequent announcements. Additional information or guidance may be requested as necessary.
12+
13+
## Security Best Practices
14+
15+
To ensure the security and stability of the Serverless Workflow Rust SDK, consider the following best practices:
16+
17+
- **Runtime Environment Hardening**: Secure the underlying infrastructure where the SDK is used. This includes using up-to-date operating systems, applying security patches regularly, and configuring firewalls and security groups to limit access to only necessary ports and services.
18+
19+
- **Secure Configuration Management**: Ensure that configuration files, especially those containing sensitive information like API keys or connection strings, are stored securely. Use environment variables or secret management tools to avoid hardcoding sensitive data.
20+
21+
- **Dependency Management**: Regularly audit and update dependencies used in your project. Use tools like `cargo audit` to identify vulnerabilities in third-party crates and address them promptly.
22+
23+
By adhering to these best practices, the security of workflows and applications built using the Serverless Workflow Rust SDK can be significantly enhanced, reducing the risk of vulnerabilities and ensuring the integrity and reliability of the workflows executed.
24+
25+
---
26+
27+
Thank you for contributing to the security and integrity of the Serverless Workflow Rust SDK!
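
Review bot: The "Reporting a Vulnerability" section promises that "The team will acknowledge your report" but gives no timeframe and no statement of which SDK versions receive security fixes, so a reporter cannot tell when silence means the report was missed. Suggest adding a concrete acknowledgement target chosen by the maintainers and a short supported-versions section. The same paragraph switches from "The team" to "the security team"; use one term, or say who the security team is. The "To report a security issue:" list has a single channel; if a fallback contact exists for reporters who cannot use the GitHub advisory form, name it, otherwise fold the bullet into a sentence. In "Security Best Practices", the `cargo audit` bullet is advice to SDK users; it would help to state whether this repository itself runs `cargo audit` on its own dependencies.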
