mirror of https://github.com/inventree/InvenTree.git synced 2025-06-14 11:05:41 +00:00

refactor(docs): better security linking and references for docs (#9621)

* Update SECURITY.md with link

* restructure headers and add hall of fame

* add cpe/cve policy

* add CoC and Security Policy links in readme

* update contributing link

* add link to Threat Model

* update dead links
This commit is contained in:
Matthias Mair
2025-05-04 23:20:09 +02:00
committed by GitHub
parent 3bb43734a1
commit 887bc3c235
3 changed files with 31 additions and 9 deletions


@ -1,6 +1,9 @@
The InvenTree project is committed to providing a secure and safe environment for all users. We know that many of our users rely on InvenTree to manage the inventory and manufacturing for their small and mid-size businesses, and we take that responsibility seriously.
!!! tip "This page covers the InvenTree project"
This page covers the InvenTree project as a whole. Specific security measures for deploying your own instance of InvenTree can be found on the [Threat Model](./concepts/threat_model.md) page.
To that end, we have implemented a number of security measures over the years, which we will outline in this document.
## Organisational measures
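Review bot: the body line under `!!! tip "This page covers the InvenTree project"` appears flush left in this hunk; MkDocs admonitions only include lines that are indented by four spaces, so an unindented body closes the admonition and renders the sentence as an ordinary paragraph. Please confirm the line starting `This page covers the InvenTree project as a whole.` is indented in the committed file, and that the relative link `./concepts/threat_model.md` resolves from this document's directory.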
@ -10,8 +13,12 @@ Read the Project [Governance](./project/governance.md) document for more informa
InvenTree is open-source, and we welcome contributions from the community. However, all contributions are reviewed and scrutinised before being merged into the codebase.
We provide a written [Security Policy]({{ sourcefile("SECURITY.md") }}) in our main repo to ensure that all security issues are handled in a timely manner.
### Security Policy
The official [Security Policy]({{ sourcefile("SECURITY.md") }}) is available in the code repository.
We provide this document in our main repo to increase discoverabiltity to ensure that all security issues are handled in a timely manner.
### Past Reports
If we become aware of a security issue, we will take immediate action to address the issue, and will provide a public disclosure of the issue once it has been resolved. We support assigning CVEs to security issues where appropriate. Our [past security advisories can be found here](https://github.com/inventree/InvenTree/security/advisories).
## Technical measures
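Review bot: typo and awkward phrasing in the new `### Security Policy` text: "to increase discoverabiltity to ensure that" should read "to increase discoverability and to ensure that all security issues are handled in a timely manner." The `### Past Reports` sentence "We support assigning CVEs to security issues where appropriate" is a good policy statement; consider stating who requests the CVE (the project via GitHub advisories, or the reporter) so the expectation is unambiguous.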
@ -54,6 +61,6 @@ We also follow OpenSSF recommendations where applicable and take part in multipl
- OSSF Best Practices, currently at a [level of passing](https://www.bestpractices.dev/de/projects/7179)
- OSSF Scorecard, running with each merge [check current state](https://securityscorecards.dev/viewer/?uri=github.com/inventree/InvenTree)
## Security Policy
## Hall of Fame
The official [Security Policy]({{ sourcefile("SECURITY.md") }}) is available in the code repository.
We are grateful for all reports. Confirmed reports can be rewarded with a mention in the Hall of Fame below if the reporter requests it. We are also happy to provide a CVE if applicable.
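Review bot: the new `## Hall of Fame` paragraph refers to "the Hall of Fame below", but no list or placeholder follows in this hunk, so the reference dangles for readers of the rendered page; add either the initial entries or a line such as "No entries yet." The closing sentence "We are also happy to provide a CVE if applicable" restates the CVE policy already introduced under `### Past Reports` in this same change; consider dropping one of the two or cross-linking them to avoid the policy drifting in two places.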