saymrwulf/cryptography
1
0
Fork 0
mirror of https://github.com/saymrwulf/cryptography.git synced 2026-05-14 20:37:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes #9048 -- document where to find known vulnerabilities (#9055)

Browse source
This commit is contained in:
Alex Gaynor 2023-06-10 16:12:44 -04:00 committed by GitHub
parent 986f0b19b5
commit 2baf62196f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
docs/security.rst
View file

@ -5,6 +5,13 @@ We take the security of ``cryptography`` seriously. The following are a set of
policies we have adopted to ensure that security issues are addressed in a
timely fashion.
Known vulnerabilities
---------------------
A list of all known vulnerabilities in ``cryptography`` can be found on
`osv.dev`_, as well as other ecosystem vulnerability databases. They can
automatically be scanned for using tools such as `pip-audit`_ or `osv-scan`_.
Infrastructure
--------------
@ -87,5 +94,8 @@ The steps for issuing a security release are described in our
:doc:`/doing-a-release` documentation.
.. _`osv.dev`: https://osv.dev/list?ecosystem=PyPI&q=cryptography
.. _`pip-audit`: https://pypi.org/project/pip-audit/
.. _`osv-scan`: https://google.github.io/osv-scanner/
.. _`security advisory page`: https://github.com/pyca/cryptography/security/advisories/new
.. _`main`: https://github.com/pyca/cryptography