main

分支 (13)

标签 (100)

管理

管理

main

pr6364

sapling-pr-archive-yurishkuro

pr6363

pavolloffay-pr2459-test-konflux

patch-1.58.1

renovate/github-codeql-action-digest

renovate/fossa-contrib-fossa-action-digest

dependabot/go_modules/golang.org/x/net-0.8.0

release-1.35

release-1.34

release-1.17

release-1.8

v1.68.0

v2.5.0

v1.67.0

v2.4.0

v1.66.0

v2.3.0

v2.2.0

v1.65.0

v2.1.0

v1.64.0

v2.0.0

v1.63.0

v1.62.0

v2.0.0-rc2

v1.61.0

v2.0.0-rc1

v1.60.0

v2.0.0-rc0

v1.59.0

v1.58.1

Jaeger
/
SECURITY-INSIGHTS.yml

header:
  schema-version: 1.0.0
  last-updated: '2023-10-20'
  last-reviewed: '2023-10-20'
  expiration-date: '2024-10-20T01:00:00.000Z'
  project-url: https://github.com/jaegertracing/jaeger/
  changelog: https://github.com/jaegertracing/jaeger/blob/main/CHANGELOG.md
  license: https://github.com/jaegertracing/jaeger/blob/main/LICENSE
project-lifecycle:
  bug-fixes-only: false
  core-maintainers:
  - https://github.com/jaegertracing/jaeger/blob/main/README.md#maintainers
  roadmap: https://www.jaegertracing.io/roadmap/
  release-cycle: https://github.com/jaegertracing/jaeger/blob/main/RELEASE.md#release-managers
  status: active
contribution-policy:
  accepts-pull-requests: true
  accepts-automated-pull-requests: true
  contributing-policy: https://github.com/jaegertracing/jaeger/blob/main/CONTRIBUTING.md
  code-of-conduct: https://github.com/jaegertracing/jaeger/blob/main/CODE_OF_CONDUCT.md
documentation:
- https://www.jaegertracing.io/docs/
distribution-points:
- https://github.com/jaegertracing/jaeger/
- https://hub.docker.com/r/jaegertracing/
- https://quay.io/organization/jaegertracing/
security-artifacts:
  threat-model:
    threat-model-created: true
    evidence-url:
    - https://github.com/jaegertracing/jaeger/blob/main/THREAT-MODEL.md
  self-assessment:
    self-assessment-created: true
    evidence-url:
    - https://github.com/cncf/tag-security/blob/main/assessments/projects/jaeger/self-assessment.md
security-testing:
- tool-type: sca
  tool-name: Dependabot
  tool-version: latest
  integration:
    ad-hoc: false
    ci: true
    before-release: true
  comment: |
    Dependabot is enabled for this repo.
security-contacts:
- type: website
  value: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md
vulnerability-reporting:
  accepts-vulnerability-reports: true
  security-policy: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md
  email-contact: jaeger-tracing@googlegroups.com
  comment: |
    The first and best way to report a vulnerability is by using private security issues in GitHub or opening an issue on Github. We are also available on the CNCF Slack in the jaeger channel.
dependencies:
  third-party-packages: true
  dependencies-lists:
  - https://github.com/jaegertracing/jaeger/blob/main/go.mod
  sbom:
  - sbom-file: https://github.com/jaegertracing/jaeger/releases/latest/download/jaeger-SBOM.spdx.json
    sbom-format: SPDX
    sbom-url: https://github.com/anchore/sbom-action
  dependencies-lifecycle:
    policy-url: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md#security-patch-policy
  env-dependencies-policy:
    policy-url: https://github.com/jaegertracing/jaeger/blob/main/SECURITY.md#dependency-policy