This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new af8028a3f06 NIFI-16033 Add AGENTS.md and SECURITY.md security-model
discoverability (#11353)
af8028a3f06 is described below
commit af8028a3f06ca26dcaaeeaa36afb797edd2b58dc
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sat Jun 20 20:18:13 2026 -0400
NIFI-16033 Add AGENTS.md and SECURITY.md security-model discoverability
(#11353)
Signed-off-by: David Handermann <[email protected]>
---
AGENTS.md | 15 +++++++++++++++
SECURITY.md | 8 +++++++-
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000000..f14c5685262
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,15 @@
+<!-- SPDX-License-Identifier: Apache-2.0 -->
+
+# Agent Guide for Apache NiFi
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md)
+
+Agents that scan this repository should consult `SECURITY.md` and the
+threat model it links before reporting issues.
+
+The project security model is published at
https://nifi.apache.org/documentation/security/#security-model linked in
SECURITY.md.
diff --git a/SECURITY.md b/SECURITY.md
index 84dd4d756d5..f46f3f5e444 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -49,4 +49,10 @@ Apache NiFi follows the [ASF Project Security For
Committers](https://www.apache
* The [Mitre Common Vulnerabilities and Exposures (CVE)
database](https://cveform.mitre.org/)
* The [Apache NiFi Security Page](https://nifi.apache.org/security.html)
-Thank you for helping keep Apache NiFi and our users safe!
\ No newline at end of file
+Thank you for helping keep Apache NiFi and our users safe!
+
+## Threat Model
+
+What the project treats as in scope and out of scope, the security
+properties it provides and disclaims, the adversary model, and how
+findings are triaged are documented in the project [Security
Model](https://nifi.apache.org/documentation/security/#security-model).