potiuk opened a new pull request, #18310:
URL: https://github.com/apache/dolphinscheduler/pull/18310
**This is a proposal for the DolphinScheduler PMC to review — please
correct, reject, or discuss as needed.** The maintainer is the
decision-maker; nothing here is a requirement.
This adds the conventional `AGENTS.md → SECURITY.md` discoverability
chain so an automated security scanner can mechanically locate the
project's **existing** security model. It does **not** add or change any
model content — your security model at
`docs/docs/en/contribute/join/security-model.md` is untouched; this just
makes it reachable via the standard chain.
- `SECURITY.md` (new) — routes vulnerability reports to the ASF security
process and points at the existing security model.
- `AGENTS.md` (new) — a Security section routing agents along
`AGENTS.md → SECURITY.md →` your security model.
Context: the ASF Security team is preparing the project for an automated
agentic security scan being piloted by the team. Such scans refuse to run
unless the model is discoverable by that conventional path —
discoverability is the one hard gate. No project source is touched.
Questions / pushback welcome — happy to adjust file placement or wording
to match the project's house style.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]