This is an automated email from the ASF dual-hosted git repository.
cloud-fan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark-docker.git
The following commit(s) were added to refs/heads/master by this push:
new 88e2dd2 Add AGENTS.md + SECURITY.md for scan-agent discoverability
(#116)
88e2dd2 is described below
commit 88e2dd2f113c9e589cda9906d1fae818d965ab39
Author: Jarek Potiuk <[email protected]>
AuthorDate: Tue May 26 04:25:14 2026 +0200
Add AGENTS.md + SECURITY.md for scan-agent discoverability (#116)
* Add AGENTS.md + SECURITY.md for scan-agent discoverability
Adds AGENTS.md + SECURITY.md so an automated scan agent can mechanically
discover the project's security model via the conventional
AGENTS.md -> SECURITY.md -> model URL chain. The chain terminates at the
existing https://spark.apache.org/docs/latest/security.html document.
Generated-by: Claude Code (Claude Opus 4.7)
* Change security report email to [email protected]
Updated contact email for reporting security vulnerabilities.
---------
Co-authored-by: Xiao Li <[email protected]>
---
AGENTS.md | 14 ++++++++++++++
SECURITY.md | 26 ++++++++++++++++++++++++++
2 files changed, 40 insertions(+)
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..c106092
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,14 @@
+# Agent guidance
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository. It
+points them at the human-authored references they should
+consult before producing output.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md)
+
+Agents that scan this repository should consult `SECURITY.md`
+for the project's threat model, in-scope / out-of-scope
+declarations, and known non-findings before reporting issues.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..9d94b60
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security policy
+
+## Reporting a vulnerability
+
+To report a security vulnerability in apache/spark-docker,
+follow the ASF security process at
+<https://www.apache.org/security/>. Reports can be sent privately
+to [email protected] or to [email protected].
+
+## Threat model
+
+This repository builds the official container images for
+Apache Spark. Apache Spark's security guidance for operators
+— including the trust boundaries the published images
+inherit — is documented at:
+
+<https://spark.apache.org/docs/latest/security.html>
+
+That document covers authentication, encryption, access
+control, Kerberos integration, trust boundaries, environmental
+assumptions, security properties provided and not provided,
+and downstream operator responsibilities.
+
+Automated security scanning agents should consult that
+document for the project's in-scope / out-of-scope
+declarations before reporting issues.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
