.github/SECURITY.md (20 additions & 1 deletion)
@@ -2,6 +2,25 @@
2
2
3
3
The Docling team and community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
4
4
5
+
## Supported Versions
6
+
7
+
The latest versions of Docling are supported.
8
+
9
+
### Security
10
+
11
+
- Participation in the [OpenSSF Best Practices Badge Program](https://bestpractices.coreinfrastructure.org/en/projects/10101) for Free/Libre and FLOSS projects to ensure that we follow current best practices for quality and security
12
+
- Use of [HTTPS](https://en.wikipedia.org/wiki/HTTPS) for network communication
13
+
- Use of secure protocols for network communication (through the use of HTTPS)
14
+
- Up-to-date support for TLS/SSL (through the use of [OpenSSL](https://www.openssl.org/))
15
+
- Performance of TLS certificate verification by default before sending HTTP headers with private information (through the use of OpenSSL and HTTPS)
16
+
- Distribution of the software via cryptographically signed releases (on the [PyPI](https://pypi.org/), [Quay.io](https://quay.io/organization/docling-project/) and [GHCR.io](https://github.com/orgs/docling-project/packages) package repositories)
17
+
- Use of [GitHub](https://github.com/) Issues for vulnerability reporting and tracking
18
+
19
+
### Analysis
20
+
21
+
- Use of [Ruff](https://docs.astral.sh/ruff/), [Mypy](https://mypy.readthedocs.io/) and [Pytest](https://docs.pytest.org/en/7.2.x/) for Python code linting (static and dynamic analysers) on pull requests and builds
22
+
- Use of GitHub Issues for bug reporting and tracking
23
+
5
24
## Reporting a Vulnerability
6
25
7
26
If you think you've identified a security issue in an Docling project repository, please DO NOT report the issue publicly via the GitHub issue tracker, etc.
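Review bot: The added bullet "Use of [GitHub](https://github.com/) Issues for vulnerability reporting and tracking" under "### Security" contradicts the unchanged text of "## Reporting a Vulnerability" directly below, which tells reporters "please DO NOT report the issue publicly via the GitHub issue tracker". Drop the bullet, or reword it so it covers only tracking after private disclosure and points to the e-mail channel for reporting. Smaller points in the same hunk: the bullets "Use of HTTPS for network communication" and "Use of secure protocols for network communication (through the use of HTTPS)" state the same thing and can be merged; "Free/Libre and FLOSS projects" is redundant, since FLOSS already stands for Free/Libre and Open Source Software; "The latest versions of Docling are supported" does not tell a reporter which release lines receive security fixes, so a version range or an explicit "only the most recent release" would be clearer; "### Security" and "### Analysis" are nested under "## Supported Versions", which is not what they describe, so they would sit better under a heading of their own; the signed-releases bullet would help users more if it said how to verify a release; and the "### Analysis" bullet labels Pytest as linting and links to the 7.2.x documentation, where "testing" and an unversioned link would be more accurate.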
@@ -10,7 +29,7 @@ Instead, send an email with as many details as possible to [deepsearch-core@zuri
10
29
11
30
Please do not create a public issue.
12
31
13
-
## Security Vulnerability Response
32
+
###Security Vulnerability Response
14
33
15
34
Each report is acknowledged and analyzed by the core maintainers within 3 working days.
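Review bot: The replacement heading "###Security Vulnerability Response" has no space after the "###", so CommonMark renderers (GitHub included) will show it as literal text rather than a heading. Write it as "### Security Vulnerability Response". The demotion from "##" to "###" nests the response policy under "## Reporting a Vulnerability", which reads fine once the heading parses.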