Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cpan-security/software-security-policy

Software::Security::Policy - packages that provide templated Security Policys
https://github.com/cpan-security/software-security-policy

cpan perl policy security

Last synced: about 3 hours ago
JSON representation

Software::Security::Policy - packages that provide templated Security Policys

Host: GitHub
URL: https://github.com/cpan-security/software-security-policy
Owner: CPAN-Security
License: other
Created: 2025-01-04T18:11:40.000Z (8 days ago)
Default Branch: main
Last Pushed: 2025-01-12T15:14:56.000Z (about 10 hours ago)
Last Synced: 2025-01-12T16:21:57.610Z (about 9 hours ago)
Topics: cpan, perl, policy, security
Language: Perl
Homepage: https://metacpan.org/pod/Software::Security::Policy
Size: 59.6 KB
Stars: 1
Watchers: 6
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README
- Changelog: Changes
- License: LICENSE
- Security: SECURITY.md

Awesome Lists containing this project

README

        NAME

    Software::Security::Policy - packages that provide templated Security

    Policys

VERSION

    version 0.07

SYNOPSIS

      use strict;

      use warnings;

      use Software::Security::Policy::Individual;

      my $policy = Software::Security::Policy::Individual->new({

        maintainer  => 'Timothy Legge ',

        program     => 'Software::Security::Policy',

        timeframe   => '7 days',

        url         => 'https://github.com/CPAN-Security/Software-Security-Policy/blob/main/SECURITY.md',

        perl_support_years   => '10',

      });

      print $policy->fulltext, "\n";

DESCRIPTION

    This is a framework for generating a SECURITY.md file to your Perl

    distributions that will let people know:

    1. How to contact the maintainers if they find a security issue with

    your software

    2. What software will be supported for security issues

    The contact point is very important for modules that have been around

    for a long time and have had several authors over the years. When there

    is a long list of maintainers, it's not clear who to contact.

    You don't want people reporting security vulnerabilities in public on

    the RT or GitHub issues for your project, nor do you want a post on IRC,

    Reddit or social media about it.

    If your software is on GitHub, you can set up private vulnerability

     reporting. GitLab has a similar system.

    Otherwise, a single email address is acceptable. An alias that forwards

    to all of the maintainers or at the very least, a single maintainer who

    has agreed to that role will work.

    It's also important to realise as a maintainer that you are not on your

    own when you receive a vulnerability report. You are welcome and even

    encouraged to reach out to CPANSec for assistance triaging and fixing

    the issue, as well as handling notifications and reporting.

    The supported software version may seem obvious, but it's important to

    spell out: will you be updating only the latest version? What versions

    of Perl will you support? If your module uses or embeds other libraries,

    how will they be supported?

ATTRIBUTES

  program

    the name of software for use in the middle of a sentence

  Program

    the name of software for use in the beginning of a sentence

    "program" and "Program" arguments may be specified both, either one or

    none. Each argument, if not specified, is defaulted to another one, or

    to properly capitalized "this program", if both arguments are omitted.

METHODS

  summary

    This method returns a snippet of text, usually a few lines, indicating

    the maintainer as well as an indication of the policy under which the

    software is maintained.

  security_policy

    This method returns the full text of the policy.

  fulltext

    This method returns the complete text of the policy (summary and

    policy).

  name

    This method returns the name of the policy, suitable for shoving in the

    middle of a sentence, generally with a leading capitalized "The."

  version

    This method returns the version of the policy. If the security policy is

    not versioned, this method will return undef.

SEE ALSO

    The specific policy:

    Extra policys are maintained on CPAN in separate modules.

AUTHOR

    Timothy Legge 

COPYRIGHT AND LICENSE

    This software is copyright (c) 2025 by Timothy Legge

    .

    This is free software; you can redistribute it and/or modify it under

    the same terms as the Perl 5 programming language system itself.