openmct/SECURITY.md
Andrew Henry d10561fc7f
Fix security policy typo, and duplicate security issue template entries ()
* Tiny typo
* Remove duped security issue entries
2021-11-10 15:38:13 -08:00


Security Policy

The Open MCT team secures our code base using a combination of code review, dependency review, and periodic security reviews. Static analysis performed during automated verification additionally safeguards against common coding errors which may result in vulnerabilities.

Reporting a Vulnerability

For general defects, please file a Bug Report.

To report a vulnerability for Open MCT please send a detailed report to arc-dl-openmct.

See our top-level security policy for additional information.

CodeQL and LGTM

The CodeQL GitHub Actions workflow is available to the public. To review the results, fork the repository and run the CodeQL workflow.

CodeQL is run for every pull request in GitHub Actions.

The project is also monitored by LGTM and is available to the public.

ESLint

Static analysis is run for every push on the master branch and every pull request on all branches in GitHub Actions.

For more information about ESLint, visit https://eslint.org/.

General Support

For additional support, please open a GitHub Discussion.

If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or by email at soc@nasa.gov.