This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-connectors.git
The following commit(s) were added to refs/heads/main by this push:
new d3a74c15d Add AGENTS.md and SECURITY.md to support AI security scans
d3a74c15d is described below
commit d3a74c15d05424c0352dcd8357a6a5f882bb1f83
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 15 07:47:20 2026 +0100
Add AGENTS.md and SECURITY.md to support AI security scans
---
AGENTS.md | 17 +++++++++++++++++
SECURITY.md | 14 ++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 000000000..80030edf1
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,17 @@
+# Agent guidance
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository. It
+points them at the human-authored references they should
+consult before producing output.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md), which links to
+the canonical model document at
+<https://tomcat.apache.org/security-model.html>.
+
+Agents that scan this repository should consult the linked
+security model for the project's threat model, in-scope /
+out-of-scope declarations, and known non-findings before
+reporting issues.
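Review bot: In the "## Security" section of AGENTS.md, agents are sent to the Tomcat security model, but the text never says how that model applies to this repository, which is tomcat-connectors rather than Tomcat itself. Add a sentence stating that the linked model covers the connectors code, or which parts of it do, so a scanner does not have to guess whether the "in-scope / out-of-scope declarations, and known non-findings" apply to the code it is actually reading. Since SECURITY.md only relays the same URL, consider presenting <https://tomcat.apache.org/security-model.html> as the primary reference here and SECURITY.md as secondary, which saves the agent one hop.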
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..db79646e0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security
+
+Apache Tomcat's security model and disclosure process are
+published on the project website rather than in the repository:
+
+- **Threat model and security policy**:
+ <https://tomcat.apache.org/security-model.html>
+- **How to report a vulnerability**: see the Security section
+ of <https://tomcat.apache.org/>.
+
+The project website is the authoritative source; this file
+exists so agents and tooling that look for `SECURITY.md` in
+the repository can mechanically follow the link to the
+canonical documents.
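Review bot: The "How to report a vulnerability" bullet points at the site root ("see the Security section of <https://tomcat.apache.org/>"), which tooling cannot follow mechanically, yet the closing paragraph gives mechanical link-following as the reason this file exists. Link the reporting instructions by their direct URL, the way the "Threat model and security policy" bullet already does, so that both bullets resolve to a document without navigation.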