-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #117 from giselles-ai/security-txt
Create `security.txt` and add a GH Actions workflow to remind you of its updates
- Loading branch information
Showing
3 changed files
with
47 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
name: Create an issue to remind updating of security.txt | ||
|
||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: "0 0 1 6,12 *" # Every year on 6/1 and 12/1 at 9:00am JST | ||
|
||
jobs: | ||
get_date: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 5 | ||
steps: | ||
- name: Get this month | ||
id: get_this_month | ||
run: | | ||
echo "this_month=$(date +%Y/%m)" >> "$GITHUB_OUTPUT" | ||
outputs: | ||
this_month: ${{ steps.get_this_month.outputs.this_month }} | ||
create_issue: | ||
needs: get_date | ||
uses: route06/actions/.github/workflows/create_gh_issue.yml@v2 | ||
permissions: | ||
contents: read | ||
issues: write | ||
with: | ||
title: "[Action Required] Update security.txt - ${{ needs.get_date.outputs.this_month }} Maintenance" | ||
description_template_path: .github/workflows/templates/create_issue_security_txt.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
## Summary | ||
|
||
This issue reminds you to update your `security.txt` file to comply with the latest standards and maintain its relevance. | ||
|
||
🔗 [RFC 9116: A File Format to Aid in Security Vulnerability Disclosure](https://www.rfc-editor.org/rfc/rfc9116) | ||
|
||
> The "Expires" field indicates the date and time after which the data contained in the "security.txt" file is considered stale and should not be used (as per Section 5.3). (snip) It is RECOMMENDED that the value of this field be less than a year into the future to avoid staleness. | ||
## What to do | ||
|
||
Please create a pull request to address the following tasks: | ||
|
||
* Update the `Expires` field in `security.txt` to a date less than a year in the future | ||
* Review and update any other fields in the file to ensure they remain accurate and relevant |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
Contact: mailto:[email protected] | ||
Expires: 2024-12-31T23:59:59Z | ||
|
||
Preferred-Languages: en, ja | ||
Policy: https://github.com/giselles-ai/giselle/security/policy | ||
Canonical: https://studio.giselles.ai/.well-known/security.txt |