[Task] Update our top level security policy (#4429)

* Create SECURITY.md * Remove unused template * Add security template to our issue chooser * Add new issue type for maintenance * eslint changes Co-authored-by: Andrew Henry <akhenry@gmail.com>
2024-12-18 20:57:53 +00:00 · 2021-11-10 13:33:22 -08:00 · 2021-11-10 13:33:22 -08:00 · 566469e691
commit 566469e691
parent 6d4a324fca
4 changed files with 46 additions and 24 deletions
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -2,4 +2,7 @@ blank_issues_enabled: true
 contact_links:
  - name: Discussions
    url: https://github.com/nasa/openmct/discussions
-    about: Got a question?
+    about: Have a question about the project?
+  - name: Security
+    url: https://github.com/nasa/openmct/security/policy
+    about: Report a Security Vulnerability
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -1,23 +0,0 @@
-<!--- This is for filing enhancements or features. If you have a general -->
-<!--- question, please visit https://github.com/nasa/openmct/discussions -->
-
---
-name: Feature Request
-about: Suggest an idea for this project
-
---
-
-<!--
-Thank you for suggesting an idea to make Open MCT better.
-
-Please fill in as much of the template below as you're able.
-->
-
-**Is your feature request related to a problem? Please describe.**
-<!-- Please describe the problem you are trying to solve. -->
-
-**Describe the solution you'd like**
-<!--- Please describe the desired behavior. -->
-
-**Describe alternatives you've considered**
-<!--- Please describe alternative solutions or features you have considered. -->
--- a/.github/ISSUE_TEMPLATE/maintenance-type.md
+++ b/.github/ISSUE_TEMPLATE/maintenance-type.md
@ -0,0 +1,11 @@
+---
+name: Maintenance
+about: Add, update or remove documentation, tests, or dependencies.
+title: ''
+labels: type:maintenance
+assignees: ''
+
+---
+
+#### Summary
+<!--- Generally describe the purpose of the change. -->
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,31 @@
+# Security Policy
+
+The Open MCT team secures our code base using a combination of code review, dependency review, and periodic security reviews. Static analysis performed during automated verification additionally safeguards against common coding errors which may result in vulnerabilities.
+
+### Reporting a Vulnerability
+
+For general defects, please for a [Bug Report](https://github.com/nasa/openmct/issues/new/choose)
+
+To report a vulnerability for Open MCT please send a detailed report to [arc-dl-openmct](mailto:arc-dl-openmct@mail.nasa.gov). 
+
+See our [top-level security policy](https://github.com/nasa/openmct/security/policy) for additional information.
+
+### CodeQL and LGTM
+
+The [CodeQL GitHub Actions workflow](https://github.com/nasa/openmct/blob/master/.github/workflows/codeql-analysis.yml) is available to the public. To review the results, fork the repository and run the CodeQL workflow. 
+
+CodeQL is ran for every pull-request in GitHub Actions.
+
+The project is also monitored by [LGTM](https://lgtm.com/projects/g/nasa/openmct/) and is available to public.
+
+### ESLint
+
+Static analysis is run for every push on the master branch and every pull request on all branches in Github Actions. 
+
+For more information about ESLint, visit https://eslint.org/.
+
+### General Support
+
+For additional support, please open a [Github Discussion](https://github.com/nasa/openmct/discussions). 
+
+If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email address soc@nasa.gov.