potiuk opened a new pull request, #18310:
URL: https://github.com/apache/dolphinscheduler/pull/18310

   **This is a proposal for the DolphinScheduler PMC to review — please
   correct, reject, or discuss as needed.** The maintainer is the
   decision-maker; nothing here is a requirement.
   
   This adds the conventional `AGENTS.md → SECURITY.md` discoverability
   chain so an automated security scanner can mechanically locate the
   project's **existing** security model. It does **not** add or change any
   model content — your security model at
   `docs/docs/en/contribute/join/security-model.md` is untouched; this just
   makes it reachable via the standard chain.
   
   - `SECURITY.md` (new) — routes vulnerability reports to the ASF security
     process and points at the existing security model.
   - `AGENTS.md` (new) — a Security section routing agents along
     `AGENTS.md → SECURITY.md →` your security model.
   
   Context: the ASF Security team is preparing the project for an automated
   agentic security scan being piloted by the team. Such scans refuse to run
   unless the model is discoverable by that conventional path —
   discoverability is the one hard gate. No project source is touched.
   
   Questions / pushback welcome — happy to adjust file placement or wording
   to match the project's house style.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to