This is an automated email from the ASF dual-hosted git repository.

DaanHoogland pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new 38b674f4426 Add AGENTS.md + SECURITY.md wiring for security-model 
discoverability (#13554)
38b674f4426 is described below

commit 38b674f4426fa8a9ab72ce485b1bdad62e2f1e4f
Author: Jarek Potiuk <[email protected]>
AuthorDate: Mon Jul 13 10:17:13 2026 +0200

    Add AGENTS.md + SECURITY.md wiring for security-model discoverability 
(#13554)
---
 AGENTS.md   | 32 ++++++++++++++++++++++++++++++++
 SECURITY.md | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)

diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000000..4469efa2f49
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,32 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+# Agent Guide for Apache CloudStack
+
+This file is read by automated agents (security scanners, code
+analyzers, AI assistants) operating on this repository.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md)
+
+Agents that scan this repository should consult `SECURITY.md` and the
+threat model it links before reporting issues.
+
+The project-wide security threat model is linked from `SECURITY.md`.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..ba69c086024
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,34 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+# Security Policy
+
+## Reporting a Vulnerability
+
+`apache/cloudstack` follows the [Apache Software Foundation security 
process](https://www.apache.org/security/). Please report suspected
+vulnerabilities privately to `[email protected]`; do not open public GitHub 
issues or pull requests for security reports.
+
+For more details, see https://cloudstack.apache.org/security.html.
+
+## Threat Model
+
+What the project treats as in scope and out of scope, the security
+properties it provides and disclaims, the adversary model, and how
+findings are triaged are documented in the project-wide threat model:
+[draft-THREAT-MODEL.md](draft-THREAT-MODEL.md).

Reply via email to