This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new af8028a3f06 NIFI-16033 Add AGENTS.md and SECURITY.md security-model 
discoverability (#11353)
af8028a3f06 is described below

commit af8028a3f06ca26dcaaeeaa36afb797edd2b58dc
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sat Jun 20 20:18:13 2026 -0400

    NIFI-16033 Add AGENTS.md and SECURITY.md security-model discoverability 
(#11353)
    
    Signed-off-by: David Handermann <[email protected]>
---
 AGENTS.md   | 15 +++++++++++++++
 SECURITY.md |  8 +++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000000..f14c5685262
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,15 @@
+<!-- SPDX-License-Identifier: Apache-2.0 -->
+
+# Agent Guide for Apache NiFi
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md)
+
+Agents that scan this repository should consult `SECURITY.md` and the
+threat model it links before reporting issues.
+
+The project security model is published at 
https://nifi.apache.org/documentation/security/#security-model linked in 
SECURITY.md.
diff --git a/SECURITY.md b/SECURITY.md
index 84dd4d756d5..f46f3f5e444 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -49,4 +49,10 @@ Apache NiFi follows the [ASF Project Security For 
Committers](https://www.apache
 * The [Mitre Common Vulnerabilities and Exposures (CVE) 
database](https://cveform.mitre.org/)
 * The [Apache NiFi Security Page](https://nifi.apache.org/security.html)
 
-Thank you for helping keep Apache NiFi and our users safe!
\ No newline at end of file
+Thank you for helping keep Apache NiFi and our users safe!
+
+## Threat Model
+
+What the project treats as in scope and out of scope, the security
+properties it provides and disclaims, the adversary model, and how
+findings are triaged are documented in the project [Security 
Model](https://nifi.apache.org/documentation/security/#security-model).

Reply via email to