From bdbb0fc352f1c36488240723c0070dd5267a768a Mon Sep 17 00:00:00 2001 From: Clayton Kehoe Date: Wed, 29 May 2024 13:53:14 -0500 Subject: [PATCH 1/8] add openssf best practices badge --- README.md | 4 ++++ index.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index 38c27929..fafd19a4 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,10 @@ OpenSSF Scorecard + + + + Apache 2 License diff --git a/index.md b/index.md index fbd1640f..338f738e 100644 --- a/index.md +++ b/index.md @@ -25,6 +25,10 @@ OpenSSF Scorecard + + + + Apache 2 License From 566f55093a6101705e65484c420918a8b62df1b7 Mon Sep 17 00:00:00 2001 From: Clayton Kehoe Date: Wed, 29 May 2024 15:09:11 -0500 Subject: [PATCH 2/8] adding security --- SECURITY.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..2f6b22e9 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Reporting Security Issues + +The config-file-validator team and community take security bugs in the config-file-validator seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/boeing/config-file-validator/security/advisories/new) tab. + +The config-file-validator admins will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. + +Report security bugs in third-party modules to the person or team maintaining the module. \ No newline at end of file From 1f3ac6863628af3e179e09d747b51209fe36e9fa Mon Sep 17 00:00:00 2001 
From: Clayton Kehoe Date: Wed, 29 May 2024 15:24:44 -0500 Subject: [PATCH 3/8] remove binary file --- bin/validator | Bin 8250354 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100755 bin/validator 
diff --git a/bin/validator b/bin/validator deleted file mode 100755 index c43fed2d254c9e0c9601e479d001060d0a55c061..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8250354
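Review bot: in [PATCH 2/8], the third paragraph of the new SECURITY.md promises "a response indicating the next steps" but gives no time frame, and it names "the config-file-validator admins" in one sentence and "the security team" in the next. Suggest stating a target acknowledgement window and using one name for the group that handles reports, so a reporter knows who will reply and when to follow up. The file also ends with "\ No newline at end of file"; add a trailing newline.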
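Review bot: in [PATCH 3/8], the diffstat shows only bin/validator changing (1 file changed, delete mode 100755), so nothing in this patch prevents the 8250354-byte executable from being committed again. Suggest adding an ignore rule for the build output path in the same change. Deleting the file here removes it from the working tree only; the blob stays reachable in earlier history, which is worth noting in the commit message if the goal is to keep unreviewed binaries out of the repository.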