Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 7 additions & 1 deletion AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ Apache TinkerPop is licensed under Apache License 2.0. Contributions must meet t
* *The contributor remains responsible for what they submit.* Review generated output for licensing, correctness, and
style before committing.

## Security

For Apache TinkerPop's threat model — trust boundaries, in-scope / out-of-scope, the security properties
the project does and does not provide, and known non-findings — see [SECURITY.md](SECURITY.md), which
points to [THREAT_MODEL.md](THREAT_MODEL.md). Consult it before triaging or reporting security issues.

***

## 1. Project overview
Expand Down Expand Up @@ -241,4 +247,4 @@ If AGENTS.md does not clearly cover a situation:
3. Surface the question to human maintainers (for example, by leaving a comment, or drafting a minimal PR that asks for guidance).

This file is intended to help tools act like a careful, well‑informed contributor. When in doubt, defer to human
judgment and the canonical project documentation.
judgment and the canonical project documentation.
30 changes: 30 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->

# Security Policy

Apache TinkerPop's threat model — the assumptions, trust boundaries, what is in and out of scope, the
security properties the project does and does not provide, and known non-findings — is documented in
[THREAT_MODEL.md](THREAT_MODEL.md). Please read it before reporting a security issue.

## Reporting a Vulnerability

Please report security vulnerabilities privately following the
[ASF security process](https://www.apache.org/security/) — email
[security@apache.org](mailto:security@apache.org). Do not open public GitHub issues for security reports.
Loading
Loading