archivebox/SECURITY.md

# Security Policy

---

## Security Information

Please see this wiki page for important notices about ArchiveBox security, publishing your archives securely, and the dangers of executing archived JS:

https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview

Also see this section of the README about important caveats when running ArchiveBox:

https://github.com/ArchiveBox/ArchiveBox?tab=readme-ov-file#caveats

You can also read these pages for more information about ArchiveBox's internals, development environment, DB schema, and more:

- https://github.com/ArchiveBox/ArchiveBox#archive-layout
- https://github.com/ArchiveBox/ArchiveBox#archivebox-development
- https://github.com/ArchiveBox/ArchiveBox/wiki/Upgrading-or-Merging-Archives
- https://github.com/ArchiveBox/ArchiveBox/wiki/Troubleshooting

---

## Reporting a Vulnerability

We use Github's built-in [Private Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) feature to accept vulnerability reports.

1. Go to the Security tab on our Github repo: https://github.com/ArchiveBox/ArchiveBox/security

2. Click the ["Report a Vulnerability"](https://github.com/ArchiveBox/ArchiveBox/security/advisories/new) button

3. Fill out the form to submit the details of the report and it will be securely sent to the maintainers

You can also contact the maintainers via our public [Zulip Chat Server zulip.archivebox.io](https://zulip.archivebox.io) or [Twitter DMs @ArchiveBoxApp](https://twitter.com/ArchiveBoxApp).
Create SECURITY.md policy 2023-10-18 21:40:58 -04:00			`# Security Policy`

			`---`

			`## Security Information`

			`Please see this wiki page for important notices about ArchiveBox security, publishing your archives securely, and the dangers of executing archived JS:`

			`https://github.com/ArchiveBox/ArchiveBox/wiki/Security-Overview`

			`Also see this section of the README about important caveats when running ArchiveBox:`

			`https://github.com/ArchiveBox/ArchiveBox?tab=readme-ov-file#caveats`

			`You can also read these pages for more information about ArchiveBox's internals, development environment, DB schema, and more:`

			`- https://github.com/ArchiveBox/ArchiveBox#archive-layout`
			`- https://github.com/ArchiveBox/ArchiveBox#archivebox-development`
			`- https://github.com/ArchiveBox/ArchiveBox/wiki/Upgrading-or-Merging-Archives`
			`- https://github.com/ArchiveBox/ArchiveBox/wiki/Troubleshooting`

			`---`

			`## Reporting a Vulnerability`

			`We use Github's built-in [Private Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) feature to accept vulnerability reports.`

			`1. Go to the Security tab on our Github repo: https://github.com/ArchiveBox/ArchiveBox/security`

Update SECURITY.md 2023-10-19 19:18:32 -04:00			`2. Click the ["Report a Vulnerability"](https://github.com/ArchiveBox/ArchiveBox/security/advisories/new) button`
Create SECURITY.md policy 2023-10-18 21:40:58 -04:00
			`3. Fill out the form to submit the details of the report and it will be securely sent to the maintainers`

			`You can also contact the maintainers via our public [Zulip Chat Server zulip.archivebox.io](https://zulip.archivebox.io) or [Twitter DMs @ArchiveBoxApp](https://twitter.com/ArchiveBoxApp).`