This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-jakartaee-migration.git


The following commit(s) were added to refs/heads/main by this push:
     new 6487bdf  Add AGENTS.md and SECURITY.md to support AI security scans
6487bdf is described below

commit 6487bdf667f4b69b5de36eed7861132a3531eda0
Author: Mark Thomas <[email protected]>
AuthorDate: Fri May 15 07:47:14 2026 +0100

    Add AGENTS.md and SECURITY.md to support AI security scans
---
 AGENTS.md   | 17 +++++++++++++++++
 SECURITY.md | 14 ++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..80030ed
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,17 @@
+# Agent guidance
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository. It
+points them at the human-authored references they should
+consult before producing output.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md), which links to
+the canonical model document at
+<https://tomcat.apache.org/security-model.html>.
+
+Agents that scan this repository should consult the linked
+security model for the project's threat model, in-scope /
+out-of-scope declarations, and known non-findings before
+reporting issues.
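Review bot: The "## Security" section sends agents to the general Tomcat security model at tomcat.apache.org/security-model.html, but this file is being added to the tomcat-jakartaee-migration repository and nothing in it says how that model applies to the migration tool. Consider adding a sentence that states which parts of the linked model are relevant to this repository, so a scanner has a basis for deciding whether a finding here is in scope, out of scope, or a known non-finding. The list of intended readers in the opening paragraph ("security scanners, code analyzers, AI assistants") is otherwise clear.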
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..db79646
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security
+
+Apache Tomcat's security model and disclosure process are
+published on the project website rather than in the repository:
+
+- **Threat model and security policy**:
+  <https://tomcat.apache.org/security-model.html>
+- **How to report a vulnerability**: see the Security section
+  of <https://tomcat.apache.org/>.
+
+The project website is the authoritative source; this file
+exists so agents and tooling that look for `SECURITY.md` in
+the repository can mechanically follow the link to the
+canonical documents.
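Review bot: The "How to report a vulnerability" bullet points at "the Security section of <https://tomcat.apache.org/>", which is a prose instruction rather than a direct link, while the closing paragraph says the file exists so tooling can "mechanically follow the link". An agent following that URL lands on the site home page and has to locate the section itself. Suggest linking the reporting page directly, as the first bullet does for the threat model, so both entries can be resolved without interpretation.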

