Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Update to security policy for CNCF migration#4504

Merged
markmandel merged 3 commits into
agones-dev:mainfrom
galalmounir:feature/security-policy
Apr 24, 2026
Merged

Update to security policy for CNCF migration#4504
markmandel merged 3 commits into
agones-dev:mainfrom
galalmounir:feature/security-policy

Conversation

@galalmounir

@galalmounir galalmounir commented Apr 7, 2026

Copy link
Copy Markdown
Contributor

What type of PR is this?
/kind documentation

What this PR does / Why we need it:
As part of the effort to move Agones to CNCF Issue #24, we need to include a Security Policy.

This PR updates the SECURITY.md file to include a standard security policy. We still need to do the following in the future, however is not a requirement for our move to CNCF.

Future work

  • document incident response
  • run security self-assessment

Which issue(s) this PR fixes: None

@github-actions github-actions Bot added size/S kind/documentation Documentation for Agones labels Apr 7, 2026
@galalmounir galalmounir changed the title initial update to security policy Update to security policy for CNCF migration Apr 7, 2026
@galalmounir

Copy link
Copy Markdown
Contributor Author

Note that we need to enable the Private vulnerability reporting in Settings, but I do not have the proper permissions to do this

@markmandel

Copy link
Copy Markdown
Member

Thanks for digging into this -- curious where you sourced best practices from? Does it align with what other CNCF projects are doing, etc?

Comment thread .github/SECURITY.md Outdated
Agones runs on Kubernetes and extends the API with custom resources and controllers. The security of a deployment depends on correct cluster configuration (for example RBAC, network policies, TLS for the allocator service, and node isolation). Operational guidance appears in the [Agones documentation](https://agones.dev/site/docs/), including [best practices](https://agones.dev/site/docs/guides/best-practices/) and topics such as [service accounts](https://agones.dev/site/docs/advanced/service-accounts/) and the [allocator service](https://agones.dev/site/docs/advanced/allocator-service/).

## Security contacts
Security reports are triaged by the [Agones maintainers](https://github.com/agones-dev/agones/blob/main/OWNERS). Coordinated fixes and public advisories are published through [GitHub Security Advisories](https://github.com/agones-dev/agones/security/advisories) when appropriate.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

whoops, gonna fix that now

@galalmounir

Copy link
Copy Markdown
Contributor Author

Thanks for digging into this -- curious where you sourced best practices from? Does it align with what other CNCF projects are doing, etc?

it was mostly the CNCF Security Guidelines page and checked a few repos:

  • K8s has a very simple policy on GitHub, but more on their website
  • Prometheus is very similar with a landing page in GitHub linking to their policy on their website
  • On the flip side, Thanos has the whole policy on Github but doesnt include all/most of the recommended best practices from CNCF.

Signed-off-by: Galal Hassan <[email protected]>
@galalmounir galalmounir force-pushed the feature/security-policy branch from bf9ef96 to ae7ae54 Compare April 11, 2026 21:27
@galalmounir galalmounir requested a review from markmandel April 11, 2026 21:29
@markmandel

Copy link
Copy Markdown
Member

🔥 sounds good. Since security - @agones-dev/approvers (and @igooch - since still waiting on your to accept your invite 😁 ) -- any additional thoughts? I'm happy to enable the GitHub vulnerability submission tool. CNCF does have it on their list of tools to use.

I did notice that many of the CNCF templates at https://contribute.cncf.io/projects/best-practices/security/security-hygiene/ are broken, which is sad (filed: cncf/contribute-site#351) -- so I assume that's why you ended up going to other projects to see what they were doing, moreso than looking at CNCF templates?

@galalmounir

Copy link
Copy Markdown
Contributor Author

I did notice that many of the CNCF templates at https://contribute.cncf.io/projects/best-practices/security/security-hygiene/ are broken, which is sad (filed: cncf/contribute-site#351) -- so I assume that's why you ended up going to other projects to see what they were doing, moreso than looking at CNCF templates?

thats correct, the security stuff was all outdated. The links that are broken now were working last week though, one of them linked to the CNCF TAG GitHub, which is archived and outdated. However, it was useful for the self-assessment stuff (which we should do sometime in the near-future).

@lacroixthomas

Copy link
Copy Markdown
Collaborator

🔥 sounds good. Since security - @agones-dev/approvers (and @igooch - since still waiting on your to accept your invite 😁 ) -- any additional thoughts? I'm happy to enable the GitHub vulnerability submission tool. CNCF does have it on their list of tools to use.

I did notice that many of the CNCF templates at https://contribute.cncf.io/projects/best-practices/security/security-hygiene/ are broken, which is sad (filed: cncf/contribute-site#351) -- so I assume that's why you ended up going to other projects to see what they were doing, moreso than looking at CNCF templates?

Looking great ! I'm in to enable it as well

@markmandel

Copy link
Copy Markdown
Member

Private Security Advisory is now enabled! Let's get this merged.

@markmandel markmandel enabled auto-merge (squash) April 24, 2026 03:52
@markmandel

Copy link
Copy Markdown
Member

/gcbrun

@agones-bot

Copy link
Copy Markdown
Collaborator

Build Succeeded 🥳

Build Id: 36598df3-bd34-4637-8586-c98b610be1e6

The following development artifacts have been built, and will exist for the next 30 days:

A preview of the website (the last 30 builds are retained):

To install this version:

git fetch https://github.com/googleforgames/agones.git pull/4504/head:pr_4504 && git checkout pr_4504
helm install agones ./install/helm/agones --namespace agones-system --set agones.image.registry=us-docker.pkg.dev/agones-images/ci --set agones.image.tag=1.58.0-dev-364132a

@markmandel markmandel merged commit 4516c11 into agones-dev:main Apr 24, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind/documentation Documentation for Agones size/S

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants