Security Overview for Contributors
If you need to report a weakness and are not a Magma contributor, use the method documented in the Security tab.
If you are a potential contributor on security but don't yet have an established reputation, first make yourself useful in other ways, like good first issues or good intern projects.
If you are ready to contribute to security, start by getting access to the security repo and Slack channel.
- Security repo: https://github.com/magma/security/
- Slack channel: https://magmacore.slack.com/archives/C03477H8FK4
To request access, you can ask around on Slack, post an issue in the regular repo, ping Lucas Gonze on GitHub, or email security@magmacore.org.
Before adding or updating an action, familiarize yourself with Secure Use of Github Actions.
To organize tickets using a board, use the Security project.
To work on upstream vulnerabilities, use Dependabot alerts on the magma/magma repo. If you need access to that, ask an admin on the magma/magma repo.