openzipkin / zipkin-gcp

Reporters and collectors for use in Google Cloud Platform
https://cloud.google.com/trace/docs/zipkin
Apache License 2.0
91 stars 55 forks source link

Adds SECURITY.md and scanning workflow #222

Closed codefromthecrypt closed 7 months ago

codefromthecrypt commented 7 months ago

This adds SECURITY.md and a scanning workflow, using Trivy. In particular, this clarifies what we use to scan for vulnerabilities (Trivy, not anything else), and the only channel likely to be responded to on a significant issue (zipkin-admin email, not advisories as people ignored them).

This is the same approach as approved and merged in https://github.com/openzipkin/zipkin-reporter-java/pull/267