Add security policy #339
Merged
Add Astronomer's security policy to provide guidelines for evaluating and mitigating security risks.

The idea of a security policy in software is familiar; many large open-source projects understand the need to define policies and procedures for reporting security issues. Some even have dedicated teams to handle security issues. Forges like GitHub actively promote adding a SECURITY.rst or SECURITY.md file in the code repository that explains how to report security issues.

This is directly inspired by the same document in the Cosmos repository: astronomer/astronomer-cosmos#1385

Co-authored-by: Joshua Domagalski <[email protected]>
Codecov Report

All modified and coverable lines are covered by tests ✅

Additional details and impacted files

@@ Coverage Diff @@
## main #339 +/- ##
=======================================
Coverage 93.68% 93.68%
=======================================
Files 10 10
Lines 792 792
=======================================
Hits 742 742
Misses 50 50
pankajkoti approved these changes Jan 6, 2025

pankajastro approved these changes Jan 6, 2025
tatiana pushed a commit that referenced this pull request Jan 10, 2025

### Added

- Propagate provided dag_display_name to built dag by @pankajkoti in #326
- Add incipient documentation tooling by @tatiana in #328
- Support loading `default_args` from shared `defaults.yml` by @pankajastro in #330
- Add security policy by @tatiana in #339
- Add Robust Support for Callbacks at Task and TaskGroup Level by @jroach-astronomer in #322
- Support `ExternalTaskSensor` `execution_date_fn` and `execution_delta` by @tatiana in #354
- Refactor and add support for schedule conditions in DAG configuration by @ErickSeo in #320

### Fixed

- Handle gracefully exceptions during telemetry collection by @tatiana in #335
- Adjust `markdownlint` configuration to enforce 4-space indentation for proper `mkdocs` rendering by @pankajkoti in #345

### Docs

- Create initial documentation index by @tatiana in #325
- Use absolute URLs for failing links in docs/index.md by @pankajkoti in #331
- Add quick start docs by @pankajastro in #324
- Add docs comparing Python and YAML-based DAGs by @tatiana in #327
- Add docs about project contributors and their roles by @tatiana in #341
- Add documentation to support developers by @tatiana in #343
- Add docs for configuring workflows, environment variables and defaults by @pankajkoti in #338
- Add code of conduct for contributors and DAG factory community by @tatiana in #340
- Document Dynamic Task Mapping feature by @pankajkoti in #344
- Fix warning message 404 in code_of_conduct docs by @pankajastro in #346
- Update theme for documentation by @pankajastro in #348
- Fix markdownlint errors and some rendering improvements by @pankajastro in #356
- Reword content in documentation by @yanmastin-astro in #336

### Others

- Improve integration tests scripts by @tatiana in #316
- Add Markdown pre-commit checks by @tatiana in #329
- Remove Airflow <> 2.0.0 check by @pankajastro in #334
- Reduce telemetry timeout from 5 to 1 second by @tatiana in #337
- Add GH action job to deploy docs by @pankajastro in #342
- Enable Dependabot to scan outdated GitHub Actions dependencies by @tatiana in #347
- Improve docs deploy job by @pankajastro in #352
- Unify how we build dagfactory by @tatiana in #353
- Fix running make docker run when previous versions were run locally by @tatiana in #362
- Install `jq` in `dev` container by @pankajastro in #363
- Dependabot GitHub actions version upgrades in #349, #350, #351

Closes: #306