<!--
 Copyright 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH.
 SPDX-License-Identifier: MIT
-->

# Security Policy

## Reporting a Vulnerability

When reporting a vulnerability, you can use GitLab's confidential issues. Just navigate to the [create a confidential issue](https://gitlab.opencode.de/open-code/badgebackend/badge-api-documentation/-/issues/new?confidential=true) page. This way, maintainers will be privately notified first. Afterwards, in a best-case scenario, if the vulnerability is fixed, the report will be made public.

Alternatively, you can report a vulnerability or anomaly to the product development team. This initiates a Coordinated Vulnerability Disclosure procedure. The team will then endeavour to develop security patches within a week if possible. The vulnerability is then made public as part of the publication of those patches. If you wish, you can also be named as the reporter.

```text
Contact: mailto:security@zendis.de
Contact: mailto:product-security@zendis.de
Expires: 2025-06-01T21:59:00.000Z
Preferred-Languages: de,en
Canonical: https://zendis.de/security.txt
Hiring: https://zendis.de/karriere
```
