diff --git a/content/projects/_index.md b/content/projects/_index.md
index 478a79ca..7c6d3fe9 100644
--- a/content/projects/_index.md
+++ b/content/projects/_index.md
@@ -55,7 +55,7 @@ Use the tabs below to jump to projects by their initial. Every project lists a s
- Advisories:\
[activemq.apache.org](https://activemq.apache.org/security-advisories)
- Security page:\
- [github.com](https://github.com/apache/activemq/blob/main/SECURITY.md)
+ [github.com](https://github.com/apache/activemq/security/policy)
-
**Apache AGE**
- **Security contact:**\
[security@apache.org](mailto:security@apache.org?subject=%5BFINDING%5D%20Apache%20AGE)
@@ -554,7 +554,7 @@ Use the tabs below to jump to projects by their initial. Every project lists a s
- Advisories:\
[httpd.apache.org](https://httpd.apache.org/security/vulnerabilities_24.html)
- Security page:\
- [github.com](https://github.com/apache/httpd/blob/trunk/SECURITY.md)
+ [github.com](https://github.com/apache/httpd/security/policy)
-
**Apache HttpComponents**
- **Security contact:**\
[security@apache.org](mailto:security@apache.org?subject=%5BFINDING%5D%20Apache%20HttpComponents)
@@ -602,7 +602,7 @@ Use the tabs below to jump to projects by their initial. Every project lists a s
- Advisories (experimental):\
[security.apache.org](/projects/impala/)
- Security page:\
- [github.com](https://github.com/apache/impala/blob/master/SECURITY.md)
+ [github.com](https://github.com/apache/impala/security/policy)
-
**Apache InLong**
- **Security contact:**\
[security@apache.org](mailto:security@apache.org?subject=%5BFINDING%5D%20Apache%20InLong)
@@ -912,7 +912,7 @@ Use the tabs below to jump to projects by their initial. Every project lists a s
- Advisories (experimental):\
none so far
- Security page:\
- [github.com](https://github.com/apache/paimon/blob/master/SECURITY.md)
+ [github.com](https://github.com/apache/paimon/security/policy)
-
**Apache Parquet**
- **Security contact:**\
[security@apache.org](mailto:security@apache.org?subject=%5BFINDING%5D%20Apache%20Parquet)
@@ -1203,7 +1203,7 @@ Use the tabs below to jump to projects by their initial. Every project lists a s
- Advisories:\
[superset.apache.org](https://superset.apache.org/docs/security/cves)
- Security page:\
- [github.com](https://github.com/apache/superset/blob/master/.github/SECURITY.md)
+ [github.com](https://github.com/apache/superset/security/policy)
-
**Apache Synapse**
- **Security contact:**\
[security@apache.org](mailto:security@apache.org?subject=%5BFINDING%5D%20Apache%20Synapse)
diff --git a/content/projects/activemq/_index.md b/content/projects/activemq/_index.md
index 34e37e03..5435e574 100644
--- a/content/projects/activemq/_index.md
+++ b/content/projects/activemq/_index.md
@@ -6,11 +6,11 @@ layout: single
# Reporting
-Do you want disclose a potential security issue for Apache ActiveMQ? You can read more about the projects' security policy on their [security page](https://github.com/apache/activemq/blob/main/SECURITY.md), and email your report to the [Apache Security Team](mailto:security@apache.org).
+Do you want disclose a potential security issue for Apache ActiveMQ? You can read more about the projects' security policy on their [security page](https://github.com/apache/activemq/security/policy), and email your report to the [Apache Security Team](mailto:security@apache.org).
# Advisories
-This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/activemq/blob/main/SECURITY.md). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/activemq/security/policy). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
{.bg-warning}
## Temporary destination ownership takeover ## { #CVE-2026-54475 }
diff --git a/content/projects/httpd/_index.md b/content/projects/httpd/_index.md
index 1119bb4b..ef2431ab 100644
--- a/content/projects/httpd/_index.md
+++ b/content/projects/httpd/_index.md
@@ -6,11 +6,11 @@ layout: single
# Reporting
-Do you want disclose a potential security issue for Apache HTTP Server? You can read more about the projects' security policy on their [security page](https://github.com/apache/httpd/blob/trunk/SECURITY.md), and email your report to the [Apache HTTP Server Security Team](mailto:security@httpd.apache.org).
+Do you want disclose a potential security issue for Apache HTTP Server? You can read more about the projects' security policy on their [security page](https://github.com/apache/httpd/security/policy), and email your report to the [Apache HTTP Server Security Team](mailto:security@httpd.apache.org).
# Advisories
-This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/httpd/blob/trunk/SECURITY.md). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/httpd/security/policy). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
{.bg-warning}
## mod_http2 denial of service ## { #CVE-2026-49975 }
diff --git a/content/projects/impala/_index.md b/content/projects/impala/_index.md
index 416831e3..5acef8cd 100644
--- a/content/projects/impala/_index.md
+++ b/content/projects/impala/_index.md
@@ -6,11 +6,11 @@ layout: single
# Reporting
-Do you want disclose a potential security issue for Apache Impala? You can read more about the projects' security policy on their [security page](https://github.com/apache/impala/blob/master/SECURITY.md), and email your report to the [Apache Security Team](mailto:security@apache.org).
+Do you want disclose a potential security issue for Apache Impala? You can read more about the projects' security policy on their [security page](https://github.com/apache/impala/security/policy), and email your report to the [Apache Security Team](mailto:security@apache.org).
# Advisories
-This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/impala/blob/master/SECURITY.md). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/impala/security/policy). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
{.bg-warning}
## Impala logs contain secrets ## { #CVE-2021-28131 }
diff --git a/content/projects/superset/_index.md b/content/projects/superset/_index.md
index 41be3c82..60150291 100644
--- a/content/projects/superset/_index.md
+++ b/content/projects/superset/_index.md
@@ -6,11 +6,11 @@ layout: single
# Reporting
-Do you want disclose a potential security issue for Apache Superset? You can read more about the projects' security policy on their [security page](https://github.com/apache/superset/blob/master/.github/SECURITY.md), and email your report to the [Apache Superset Security Team](mailto:security@superset.apache.org).
+Do you want disclose a potential security issue for Apache Superset? You can read more about the projects' security policy on their [security page](https://github.com/apache/superset/security/policy), and email your report to the [Apache Superset Security Team](mailto:security@superset.apache.org).
# Advisories
-This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/superset/blob/master/.github/SECURITY.md). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
+This section is experimental: it provides advisories since 2023 and may lag behind the official CVE publications. It may also lack details found on the [project security page](https://github.com/apache/superset/security/policy). If you have any feedback on how you would like this data to be provided, you are welcome to reach out on our public [mailinglist](/mailinglist) or privately on [security@apache.org](mailto:security@apache.org)
{.bg-warning}
## SQLLab Read-Only Bypass on PostgreSQL ## { #CVE-2026-23984 }
diff --git a/scripts/check-coordinates-with-doap.py b/scripts/check-coordinates-with-doap.py
index cb71b642..2fc206ff 100755
--- a/scripts/check-coordinates-with-doap.py
+++ b/scripts/check-coordinates-with-doap.py
@@ -29,7 +29,8 @@ def fetch_doap(url):
# manually maintained
with open('project-coordinates.json', 'r') as p:
- project_coordinates = json.load(p)
+ # Drop editor-only meta keys (e.g. "$schema"); every remaining key is a project.
+ project_coordinates = {k: v for k, v in json.load(p).items() if not k.startswith('$')}
from rdflib.namespace import DefinedNamespace, Namespace
from rdflib.term import URIRef
diff --git a/scripts/project-coordinates.json b/scripts/project-coordinates.json
index b5e3ea31..9374ad6d 100644
--- a/scripts/project-coordinates.json
+++ b/scripts/project-coordinates.json
@@ -1,14 +1,17 @@
{
+ "$schema": "./project-coordinates.schema.json",
"accumulo": {
"name": "Apache Accumulo",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/accumulo/default.png"
},
"activemq": {
"name": "Apache ActiveMQ",
- "link": "https://github.com/apache/activemq/blob/main/SECURITY.md",
+ "security_model_link": "https://github.com/apache/activemq/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/activemq/main/SECURITY.md",
"advisory_link": "https://activemq.apache.org/security-advisories",
"contact": "security@apache.org",
"contributing": "https://activemq.apache.org/contributing",
@@ -16,21 +19,24 @@
},
"age": {
"name": "Apache AGE",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/age/default.png"
},
"airavata": {
"name": "Apache Airavata",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/airavata/default.png"
},
"airflow": {
"name": "Apache Airflow",
- "link": "https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html",
+ "security_model_link": "https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@airflow.apache.org",
"contributing": "https://airflow.apache.org/community/",
@@ -38,21 +44,24 @@
},
"allura": {
"name": "Apache Allura",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/allura/default.png"
},
"ambari": {
"name": "Apache Ambari",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@ambari.apache.org",
"logo_link": "https://www.apache.org/logos/res/ambari/default.png"
},
"answer": {
"name": "Apache Answer",
- "link": "https://answer.apache.org/community/security-model",
+ "security_model_link": "https://answer.apache.org/community/security-model",
+ "security_model_source": null,
"advisory_link": "https://answer.apache.org/community/security/",
"contact": "security@apache.org",
"contributing": "https://answer.apache.org/community/contributing",
@@ -60,118 +69,138 @@
},
"ant": {
"name": "Apache Ant",
- "link": "https://ant.apache.org/security.html",
+ "security_model_link": "https://ant.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/ant/default.png"
},
"apisix": {
"name": "Apache APISIX",
- "link": "https://github.com/apache/apisix/blob/master/THREAT_MODEL.md",
+ "security_model_link": "https://github.com/apache/apisix/blob/master/THREAT_MODEL.md",
+ "security_model_source": "https://raw.githubusercontent.com/apache/apisix/master/THREAT_MODEL.md",
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/apisix/default.png"
},
"apr": {
"name": "Apache Portable Runtime (APR)",
- "link": "https://apr.apache.org/security_report.html",
+ "security_model_link": "https://apr.apache.org/security_report.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/apr/default.png"
},
"archiva": {
"name": "Apache Archiva",
- "link": "https://archiva.apache.org/security.html",
+ "security_model_link": "https://archiva.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://archiva.apache.org/security.html",
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/archiva/default.png"
},
"aries": {
"name": "Apache Aries",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/aries/default.png"
},
"arrow": {
"name": "Apache Arrow",
- "link": "https://arrow.apache.org/docs/dev/format/Security.html",
+ "security_model_link": "https://arrow.apache.org/docs/dev/format/Security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/arrow/default.png"
},
"artemis": {
"name": "Apache Artemis",
- "link": "https://github.com/apache/artemis/blob/main/docs/user-manual/threat-model.adoc",
+ "security_model_link": "https://github.com/apache/artemis/blob/main/docs/user-manual/threat-model.adoc",
+ "security_model_source": "https://raw.githubusercontent.com/apache/artemis/main/docs/user-manual/threat-model.adoc",
"advisory_link": "https://artemis.apache.org/components/artemis/security",
"contact": "security@apache.org",
- "contributing": "https://artemis.apache.org/contributing"
+ "contributing": "https://artemis.apache.org/contributing",
+ "logo_link": null
},
"asterixdb": {
"name": "Apache AsterixDB",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/asterixdb/default.png"
},
"atlas": {
"name": "Apache Atlas",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/atlas/default.png"
},
"avro": {
"name": "Apache Avro",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/avro/default.png"
},
"axis": {
"name": "Apache Axis",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
- "contributing": "https://avro.apache.org/community/"
+ "contributing": "https://avro.apache.org/community/",
+ "logo_link": null
},
"baremaps": {
"name": "Apache Baremaps",
- "link": "https://github.com/apache/incubator-baremaps/blob/main/SECURITY.md",
+ "security_model_link": "https://github.com/apache/incubator-baremaps/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/incubator-baremaps/main/SECURITY.md",
"advisory_link": null,
- "contact": "security@apache.org"
+ "contact": "security@apache.org",
+ "logo_link": null
},
"beam": {
"name": "Apache Beam",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/beam/default.png"
},
"bigtop": {
"name": "Apache Bigtop",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/bigtop/default.png"
},
"bookkeeper": {
"name": "Apache BookKeeper",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/bookkeeper/default.png"
},
"brooklyn": {
"name": "Apache Brooklyn",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/brooklyn/default.png"
},
"brpc": {
"name": "Apache bRPC",
- "link": "https://github.com/apache/brpc/blob/master/THREAT_MODEL.md",
+ "security_model_link": "https://github.com/apache/brpc/blob/master/THREAT_MODEL.md",
+ "security_model_source": "https://raw.githubusercontent.com/apache/brpc/master/THREAT_MODEL.md",
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://brpc.apache.org/docs/community/community/",
@@ -179,41 +208,48 @@
},
"buildstream": {
"name": "Apache BuildStream",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
- "contact": "security@apache.org"
+ "contact": "security@apache.org",
+ "logo_link": null
},
"bval": {
"name": "Apache BVal",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/bval/default.png"
},
"calcite": {
"name": "Apache Calcite",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/calcite/default.png"
},
"camel": {
"name": "Apache Camel",
- "link": "https://camel.apache.org/manual/security-model.html",
+ "security_model_link": "https://camel.apache.org/manual/security-model.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/camel/default.png"
},
"carbondata": {
"name": "Apache Carbondata",
- "link": "https://carbondata.apache.org/security.html",
+ "security_model_link": "https://carbondata.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/carbondata/default.png"
},
"cassandra": {
"name": "Apache Cassandra",
- "link": "https://cassandra.apache.org/doc/latest/cassandra/managing/operating/security.html",
+ "security_model_link": "https://cassandra.apache.org/doc/latest/cassandra/managing/operating/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://cassandra.apache.org/_/community.html#how-to-contribute",
@@ -221,35 +257,40 @@
},
"causeway": {
"name": "Apache Causeway",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/causeway/default.png"
},
"cayenne": {
"name": "Apache Cayenne",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/cayenne/default.png"
},
"celeborn": {
"name": "Apache Celeborn",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/celeborn/default.png"
},
"celix": {
"name": "Apache Celix",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/celix/default.png"
},
"cloudstack": {
"name": "Apache CloudStack",
- "link": "https://cloudstack.apache.org/security/",
+ "security_model_link": "https://cloudstack.apache.org/security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://cloudstack.apache.org/contribute",
@@ -257,146 +298,168 @@
},
"commons": {
"name": "Apache Commons",
- "link": "https://commons.apache.org/security.html",
+ "security_model_link": "https://commons.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://commons.apache.org/security.html#Known_Security_Vulnerabilities",
"contact": "security@commons.apache.org",
"logo_link": "https://www.apache.org/logos/res/commons/default.png"
},
"cordova": {
"name": "Apache Cordova",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/cordova/default.png"
},
"couchdb": {
"name": "Apache CouchDB",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@couchdb.apache.org",
"logo_link": "https://www.apache.org/logos/res/couchdb/default.png"
},
"creadur": {
"name": "Apache Creadur",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/creadur/default.png"
},
"ctakes": {
"name": "Apache cTAKES",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/ctakes/default.png"
},
"curator": {
"name": "Apache Curator",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/curator/default.png"
},
"cxf": {
"name": "Apache CXF",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/cxf/default.png"
},
"daffodil": {
"name": "Apache Daffodil",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/daffodil/default.png"
},
"datafu": {
"name": "Apache DataFu",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/datafu/default.png"
},
"datafusion": {
"name": "Apache DataFusion",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
- "contact": "security@apache.org"
+ "contact": "security@apache.org",
+ "logo_link": null
},
"datasketches": {
"name": "Apache DataSketches",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/datasketches/default.png"
},
"db": {
"name": "Apache DB",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/db/default.png"
},
"deltaspike": {
"name": "Apache DeltaSpike",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/deltaspike/default.png"
},
"devlake": {
"name": "Apache DevLake",
- "link": "https://devlake.apache.org/docs/v1.0/GettingStarted/Authentication",
+ "security_model_link": "https://devlake.apache.org/docs/v1.0/GettingStarted/Authentication",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/devlake/default.png"
},
"directory": {
"name": "Apache Directory",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/directory/default.png"
},
"dolphinscheduler": {
"name": "Apache DolphinScheduler",
- "link": "https://github.com/apache/dolphinscheduler/blob/dev/docs/docs/en/contribute/join/security.md",
+ "security_model_link": "https://github.com/apache/dolphinscheduler/blob/dev/docs/docs/en/contribute/join/security.md",
+ "security_model_source": "https://raw.githubusercontent.com/apache/dolphinscheduler/dev/docs/docs/en/contribute/join/security.md",
"advisory_link": null,
"contact": "security@dolphinscheduler.apache.org",
"logo_link": "https://www.apache.org/logos/res/dolphinscheduler/default.png"
},
"doris": {
"name": "Apache Doris",
- "link": "https://doris.apache.org/docs/dev/admin-manual/auth/security-overview",
+ "security_model_link": "https://doris.apache.org/docs/dev/admin-manual/auth/security-overview",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/doris/default.png"
},
"drill": {
"name": "Apache Drill",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/drill/default.png"
},
"druid": {
"name": "Apache Druid",
- "link": "https://druid.apache.org/docs/latest/operations/security-overview.html",
+ "security_model_link": "https://druid.apache.org/docs/latest/operations/security-overview.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/druid/default.png"
},
"dubbo": {
"name": "Apache Dubbo",
- "link": "https://dubbo.apache.org/en/docs/notices/security/",
+ "security_model_link": "https://dubbo.apache.org/en/docs/notices/security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@dubbo.apache.org",
"logo_link": "https://www.apache.org/logos/res/dubbo/default.png"
},
"echarts": {
"name": "Apache ECharts",
- "link": "https://echarts.apache.org/handbook/en/best-practices/security/#",
+ "security_model_link": "https://echarts.apache.org/handbook/en/best-practices/security/#",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://echarts.apache.org/en/contributing.html",
@@ -404,48 +467,56 @@
},
"empire-db": {
"name": "Apache Empire-db",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
- "contact": "security@apache.org"
+ "contact": "security@apache.org",
+ "logo_link": null
},
"eventmesh": {
"name": "Apache EventMesh",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/eventmesh/default.png"
},
"felix": {
"name": "Apache Felix",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/felix/default.png"
},
"fineract": {
"name": "Apache Fineract",
- "link": "https://fineract.apache.org/security.html",
+ "security_model_link": "https://fineract.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://fineract.apache.org/security.html",
"contact": "security@fineract.apache.org",
"logo_link": "https://www.apache.org/logos/res/fineract/default.png"
},
"flagon": {
"name": "Apache Flagon",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/flagon/default.png"
},
"flex": {
"name": "Apache Flex",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/flex/default.png"
},
"flink": {
"name": "Apache Flink",
- "link": "https://flink.apache.org/what-is-flink/security/",
+ "security_model_link": "https://flink.apache.org/what-is-flink/security/",
+ "security_model_source": null,
"advisory_link": "https://flink.apache.org/what-is-flink/security/",
"contact": "security@apache.org",
"contributing": "https://flink.apache.org/how-to-contribute/overview/",
@@ -453,62 +524,72 @@
},
"fory": {
"name": "Apache Fory",
- "link": "https://fory.apache.org/security/",
+ "security_model_link": "https://fory.apache.org/security/",
+ "security_model_source": null,
"advisory_link": "https://fory.apache.org/security/",
- "contact": "security@apache.org"
+ "contact": "security@apache.org",
+ "logo_link": null
},
"freemarker": {
"name": "Apache FreeMarker",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/freemarker/default.png"
},
"geode": {
"name": "Apache Geode",
- "link": "https://geode.apache.org/docs/guide/20/security/security_model.html",
+ "security_model_link": "https://geode.apache.org/docs/guide/20/security/security_model.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/geode/default.png"
},
"geronimo": {
"name": "Apache Geronimo",
- "link": "https://geronimo.apache.org/security-reports.html",
+ "security_model_link": "https://geronimo.apache.org/security-reports.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@geronimo.apache.org",
"logo_link": "https://www.apache.org/logos/res/geronimo/default.png"
},
"gluten": {
"name": "Apache Gluten",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/gluten/default.png"
},
"gobblin": {
"name": "Apache Gobblin",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/gobblin/default.png"
},
"grails": {
"name": "Apache Grails",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/grails/default.png"
},
"gravitino": {
"name": "Apache Gravitino",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/gravitino/default.png"
},
"groovy": {
"name": "Apache Groovy",
- "link": "https://github.com/apache/groovy/blob/master/THREAT_MODEL.md",
+ "security_model_link": "https://github.com/apache/groovy/blob/master/THREAT_MODEL.md",
+ "security_model_source": "https://raw.githubusercontent.com/apache/groovy/master/THREAT_MODEL.md",
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://groovy.apache.org/#contribute-btn",
@@ -516,28 +597,32 @@
},
"guacamole": {
"name": "Apache Guacamole",
- "link": "https://guacamole.apache.org/security/",
+ "security_model_link": "https://guacamole.apache.org/security/",
+ "security_model_source": null,
"advisory_link": "https://guacamole.apache.org/security/",
"contact": "security@guacamole.apache.org",
"logo_link": "https://www.apache.org/logos/res/guacamole/default.png"
},
"gump": {
"name": "Apache Gump",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/gump/default.png"
},
"hadoop": {
"name": "Apache Hadoop",
- "link": "https://hadoop.apache.org/mailing_lists.html",
+ "security_model_link": "https://hadoop.apache.org/mailing_lists.html",
+ "security_model_source": null,
"advisory_link": "https://hadoop.apache.org/cve_list.html",
"contact": "security@hadoop.apache.org",
"logo_link": "https://www.apache.org/logos/res/hadoop/default.png"
},
"hbase": {
"name": "Apache HBase",
- "link": "https://hbase.apache.org/security-model/",
+ "security_model_link": "https://hbase.apache.org/security-model/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://hbase.apache.org/#community",
@@ -545,14 +630,16 @@
},
"helix": {
"name": "Apache Helix",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/helix/default.png"
},
"hertzbeat": {
"name": "Apache Hertzbeat",
- "link": "https://hertzbeat.apache.org/docs/help/security_model/",
+ "security_model_link": "https://hertzbeat.apache.org/docs/help/security_model/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://hertzbeat.apache.org/docs/community/contribution",
@@ -560,21 +647,24 @@
},
"hive": {
"name": "Apache Hive",
- "link": "https://hive.apache.org/mailing_lists.html",
+ "security_model_link": "https://hive.apache.org/mailing_lists.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@hive.apache.org",
"logo_link": "https://www.apache.org/logos/res/hive/default.png"
},
"hop": {
"name": "Apache Hop",
- "link": "https://hop.apache.org/security/",
+ "security_model_link": "https://hop.apache.org/security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/hop/default.png"
},
"httpcomponents": {
"name": "Apache HttpComponents",
- "link": "https://hc.apache.org/security.html",
+ "security_model_link": "https://hc.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://hc.apache.org/get-involved.html",
@@ -582,7 +672,8 @@
},
"httpd": {
"name": "Apache HTTP Server",
- "link": "https://github.com/apache/httpd/blob/trunk/SECURITY.md",
+ "security_model_link": "https://github.com/apache/httpd/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/httpd/trunk/SECURITY.md",
"advisory_link": "https://httpd.apache.org/security/vulnerabilities_24.html",
"contact": "security@httpd.apache.org",
"contributing": "https://httpd.apache.org/dev/",
@@ -590,21 +681,24 @@
},
"hudi": {
"name": "Apache Hudi",
- "link": "https://hudi.apache.org/contribute/security",
+ "security_model_link": "https://hudi.apache.org/contribute/security",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/hudi/default.png"
},
"hugegraph": {
"name": "Apache HugeGraph",
- "link": "https://hugegraph.apache.org/docs/guides/security",
+ "security_model_link": "https://hugegraph.apache.org/docs/guides/security",
+ "security_model_source": null,
"advisory_link": "https://hugegraph.apache.org/docs/guides/security",
"contact": "security@hugegraph.apache.org",
"logo_link": "https://www.apache.org/logos/res/hugegraph/default.png"
},
"iceberg": {
"name": "Apache Iceberg",
- "link": "https://iceberg.apache.org/security/",
+ "security_model_link": "https://iceberg.apache.org/security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@iceberg.apache.org",
"contributing": "https://iceberg.apache.org/community/",
@@ -612,7 +706,8 @@
},
"ignite": {
"name": "Apache Ignite",
- "link": "https://ignite.apache.org/docs/ignite3/3.1.0/understand/architecture/security#security-model",
+ "security_model_link": "https://ignite.apache.org/docs/ignite3/3.1.0/understand/architecture/security#security-model",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@ignite.apache.org",
"contributing": "https://ignite.apache.org/community/#contributing",
@@ -620,77 +715,88 @@
},
"impala": {
"name": "Apache Impala",
- "link": "https://github.com/apache/impala/blob/master/SECURITY.md",
+ "security_model_link": "https://github.com/apache/impala/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/impala/master/SECURITY.md",
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/impala/default.png"
},
"inlong": {
"name": "Apache InLong",
- "link": "https://inlong.apache.org/docs/next/security/",
+ "security_model_link": "https://inlong.apache.org/docs/next/security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/inlong/default.png"
},
"iotdb": {
"name": "Apache IoTDB",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/iotdb/default.png"
},
"jackrabbit": {
"name": "Apache Jackrabbit",
- "link": "https://jackrabbit.apache.org/jcr/security-reports.html",
+ "security_model_link": "https://jackrabbit.apache.org/jcr/security-reports.html",
+ "security_model_source": null,
"advisory_link": "https://jackrabbit.apache.org/jcr/security-reports.html",
"contact": "security@jackrabbit.apache.org",
"logo_link": "https://www.apache.org/logos/res/jackrabbit/default.png"
},
"james": {
"name": "Apache James",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/james/default.png"
},
"jena": {
"name": "Apache Jena",
- "link": "https://github.com/apache/jena/blob/main/THREAT_MODEL.md",
+ "security_model_link": "https://github.com/apache/jena/blob/main/THREAT_MODEL.md",
+ "security_model_source": "https://raw.githubusercontent.com/apache/jena/main/THREAT_MODEL.md",
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/jena/default.png"
},
"jmeter": {
"name": "Apache JMeter",
- "link": "https://jmeter.apache.org/security.html",
+ "security_model_link": "https://jmeter.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/jmeter/default.png"
},
"johnzon": {
"name": "Apache Johnzon",
- "link": "https://johnzon.apache.org/security.html",
+ "security_model_link": "https://johnzon.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/johnzon/default.png"
},
"jspwiki": {
"name": "Apache JSPWiki",
- "link": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=Security",
+ "security_model_link": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=Security",
+ "security_model_source": null,
"advisory_link": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE",
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/jspwiki/default.png"
},
"juneau": {
"name": "Apache Juneau",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/juneau/default.png"
},
"kafka": {
"name": "Apache Kafka",
- "link": "https://kafka.apache.org/project-security.html",
+ "security_model_link": "https://kafka.apache.org/project-security.html",
+ "security_model_source": null,
"advisory_link": "https://kafka.apache.org/cve-list.html",
"contact": "security@kafka.apache.org",
"dependency_advisory_triage": "https://github.com/apache/kafka/blob/trunk/gradle/resources/dependencycheck-suppressions.xml",
@@ -698,42 +804,48 @@
},
"karaf": {
"name": "Apache Karaf",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/karaf/default.png"
},
"knox": {
"name": "Apache Knox",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/knox/default.png"
},
"kudu": {
"name": "Apache Kudu",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/kudu/default.png"
},
"kvrocks": {
"name": "Apache Kvrocks",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/kvrocks/default.png"
},
"kylin": {
"name": "Apache Kylin",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/kylin/default.png"
},
"kyuubi": {
"name": "Apache Kyuubi",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@kyuubi.apache.org",
"contributing": "https://kyuubi.apache.org/mailing_lists.html",
@@ -741,76 +853,88 @@
},
"libcloud": {
"name": "Apache Libcloud",
- "link": "https://libcloud.apache.org/security.html",
+ "security_model_link": "https://libcloud.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@libcloud.apache.org",
"logo_link": "https://www.apache.org/logos/res/libcloud/default.png"
},
"linkis": {
"name": "Apache Linkis",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/linkis/default.png"
},
"livy": {
"name": "Apache Livy",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/livy/default.png"
},
"logging": {
"name": "Apache Logging",
- "link": "https://logging.apache.org/security.html",
+ "security_model_link": "https://logging.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://logging.apache.org/security.html",
- "contact": "security@logging.apache.org"
+ "contact": "security@logging.apache.org",
+ "logo_link": null
},
"lucene": {
"name": "Apache Lucene",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@lucene.apache.org",
"logo_link": "https://www.apache.org/logos/res/lucene/default.png"
},
"lucenenet": {
"name": "Apache Lucene.NET",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/lucenenet/default.png"
},
"madlib": {
"name": "Apache MADlib",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/madlib/default.png"
},
"magpie": {
"name": "Apache Magpie",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/magpie/default.png"
},
"mahout": {
"name": "Apache Mahout",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/mahout/default.png"
},
"manifoldcf": {
"name": "Apache ManifoldCF",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/manifoldcf/default.png"
},
"maven": {
"name": "Apache Maven",
- "link": "https://maven.apache.org/security.html",
+ "security_model_link": "https://maven.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://maven.apache.org/developers/index.html",
@@ -818,125 +942,144 @@
},
"metron": {
"name": "Apache Metron",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
- "contact": "security@metron.apache.org"
+ "contact": "security@metron.apache.org",
+ "logo_link": null
},
"mina": {
"name": "Apache MINA",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/mina/default.png"
},
"myfaces": {
"name": "Apache MyFaces",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/myfaces/default.png"
},
"mynewt": {
"name": "Apache Mynewt",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/mynewt/default.png"
},
"netbeans": {
"name": "Apache NetBeans",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/netbeans/default.png"
},
"nifi": {
"name": "Apache NiFi",
- "link": "https://nifi.apache.org/documentation/security/",
+ "security_model_link": "https://nifi.apache.org/documentation/security/",
+ "security_model_source": null,
"advisory_link": "https://nifi.apache.org/documentation/security/",
"contact": "security@nifi.apache.org",
"logo_link": "https://www.apache.org/logos/res/nifi/default.png"
},
"nutch": {
"name": "Apache Nutch",
- "link": "https://nutch.apache.org/documentation/security/#security-model",
+ "security_model_link": "https://nutch.apache.org/documentation/security/#security-model",
+ "security_model_source": null,
"advisory_link": "https://nutch.apache.org/documentation/security/#nutch-cve-list",
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/nutch/default.png"
},
"nuttx": {
"name": "Apache NuttX",
- "link": "https://nuttx.apache.org/docs/latest/security.html",
+ "security_model_link": "https://nuttx.apache.org/docs/latest/security.html",
+ "security_model_source": null,
"advisory_link": "https://nuttx.apache.org/docs/latest/security.html#nuttx-cves",
"contact": "security@nuttx.apache.org",
"logo_link": "https://www.apache.org/logos/res/nuttx/default.png"
},
"ofbiz": {
"name": "Apache OFBiz",
- "link": "https://ofbiz.apache.org/security.html",
+ "security_model_link": "https://ofbiz.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://ofbiz.apache.org/security.html",
"contact": "security@ofbiz.apache.org",
"logo_link": "https://www.apache.org/logos/res/ofbiz/default.png"
},
"opendal": {
"name": "Apache OpenDAL",
- "link": "https://github.com/apache/opendal/blob/main/SECURITY-THREAT-MODEL.md",
+ "security_model_link": "https://github.com/apache/opendal/blob/main/SECURITY-THREAT-MODEL.md",
+ "security_model_source": "https://raw.githubusercontent.com/apache/opendal/main/SECURITY-THREAT-MODEL.md",
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/opendal/default.png"
},
"openjpa": {
"name": "Apache OpenJPA",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/openjpa/default.png"
},
"openmeetings": {
"name": "Apache OpenMeetings",
- "link": "https://openmeetings.apache.org/security.html",
+ "security_model_link": "https://openmeetings.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@openmeetings.apache.org",
"logo_link": "https://www.apache.org/logos/res/openmeetings/default.png"
},
"opennlp": {
"name": "Apache OpenNLP",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/opennlp/default.png"
},
"openoffice": {
"name": "Apache OpenOffice",
- "link": "https://openoffice.apache.org/security",
+ "security_model_link": "https://openoffice.apache.org/security",
+ "security_model_source": null,
"advisory_link": "https://www.openoffice.org/security/bulletin.html",
"contact": "security@openoffice.apache.org",
"logo_link": "https://www.apache.org/logos/res/openoffice/default.png"
},
"openwebbeans": {
"name": "Apache OpenWebBeans",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/openwebbeans/default.png"
},
"openwhisk": {
"name": "Apache OpenWhisk",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/openwhisk/default.png"
},
"orc": {
"name": "Apache ORC",
- "link": "https://orc.apache.org/security/",
+ "security_model_link": "https://orc.apache.org/security/",
+ "security_model_source": null,
"advisory_link": "https://orc.apache.org/security/",
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/orc/default.png"
},
"ozone": {
"name": "Apache Ozone",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@ozone.apache.org",
"contributing": "https://ozone.apache.org/community/how-to-contribute",
@@ -944,84 +1087,96 @@
},
"paimon": {
"name": "Apache Paimon",
- "link": "https://github.com/apache/paimon/blob/master/SECURITY.md",
+ "security_model_link": "https://github.com/apache/paimon/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/paimon/master/SECURITY.md",
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/paimon/default.png"
},
"parquet": {
"name": "Apache Parquet",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/parquet/default.png"
},
"pdfbox": {
"name": "Apache PDFBox",
- "link": "https://pdfbox.apache.org/security.html",
+ "security_model_link": "https://pdfbox.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/pdfbox/default.png"
},
"pekko": {
"name": "Apache Pekko",
- "link": "https://pekko.apache.org/docs/pekko/current/security/index.html",
+ "security_model_link": "https://pekko.apache.org/docs/pekko/current/security/index.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/pekko/default.png"
},
"perl": {
"name": "Apache mod_perl",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/perl/default.png"
},
"phoenix": {
"name": "Apache Phoenix",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/phoenix/default.png"
},
"pig": {
"name": "Apache Pig",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/pig/default.png"
},
"pinot": {
"name": "Apache Pinot",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/pinot/default.png"
},
"plc4x": {
"name": "Apache PLC4X",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/plc4x/default.png"
},
"poi": {
"name": "Apache POI",
- "link": "https://poi.apache.org/security.html",
+ "security_model_link": "https://poi.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/poi/default.png"
},
"polaris": {
"name": "Apache Polaris",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/polaris/default.png"
},
"pulsar": {
"name": "Apache Pulsar",
- "link": "https://github.com/apache/pulsar/security/policy",
+ "security_model_link": "https://github.com/apache/pulsar/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/pulsar/master/SECURITY.md",
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://pulsar.apache.org/community/#section-contribute",
@@ -1029,14 +1184,16 @@
},
"qpid": {
"name": "Apache Qpid",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/qpid/default.png"
},
"ranger": {
"name": "Apache Ranger",
- "link": "https://cwiki.apache.org/confluence/display/RANGER/Lock+down+Apache+Ranger+for+production+deployments",
+ "security_model_link": "https://cwiki.apache.org/confluence/display/RANGER/Lock+down+Apache+Ranger+for+production+deployments",
+ "security_model_source": null,
"advisory_link": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"contact": "security@apache.org",
"contributing": "https://rocketmq.apache.org/docs/contributionGuide/01how-to-contribute",
@@ -1044,14 +1201,16 @@
},
"ratis": {
"name": "Apache Ratis",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/ratis/default.png"
},
"rocketmq": {
"name": "Apache RocketMQ",
- "link": "https://rocketmq.apache.org/docs/security/01security/",
+ "security_model_link": "https://rocketmq.apache.org/docs/security/01security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://rocketmq.apache.org/docs/contributionGuide/01how-to-contribute",
@@ -1059,56 +1218,64 @@
},
"roller": {
"name": "Apache Roller",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/roller/default.png"
},
"royale": {
"name": "Apache Royale",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/royale/default.png"
},
"rya": {
"name": "Apache Rya",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/rya/default.png"
},
"samza": {
"name": "Apache Samza",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/samza/default.png"
},
"santuario": {
"name": "Apache Santuario",
- "link": "https://santuario.apache.org/secadv.html",
+ "security_model_link": "https://santuario.apache.org/secadv.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/santuario/default.png"
},
"sdap": {
"name": "Apache SDAP",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/sdap/default.png"
},
"seata": {
"name": "Apache Seata",
- "link": "https://seata.apache.org/docs/next/security/secret-key",
+ "security_model_link": "https://seata.apache.org/docs/next/security/secret-key",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/seata/default.png"
},
"seatunnel": {
"name": "Apache SeaTunnel",
- "link": "https://seatunnel.apache.org/security",
+ "security_model_link": "https://seatunnel.apache.org/security",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://seatunnel.apache.org/community/contribution_guide/contribute",
@@ -1116,34 +1283,40 @@
},
"sedona": {
"name": "Apache Sedona",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/sedona/default.png"
},
"sentry": {
"name": "Apache Sentry",
- "link": "https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry",
+ "security_model_link": "https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry",
+ "security_model_source": null,
"advisory_link": null,
- "contact": "security@sentry.apache.org"
+ "contact": "security@sentry.apache.org",
+ "logo_link": null
},
"serf": {
"name": "Apache Serf",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/serf/default.png"
},
"servicecomb": {
"name": "Apache ServiceComb",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/servicecomb/default.png"
},
"shardingsphere": {
"name": "Apache ShardingSphere",
- "link": "https://shardingsphere.apache.org/community/en/security/",
+ "security_model_link": "https://shardingsphere.apache.org/community/en/security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"contributing": "https://shardingsphere.apache.org/community/en/involved/",
@@ -1151,14 +1324,16 @@
},
"shenyu": {
"name": "Apache ShenYu",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/shenyu/default.png"
},
"shiro": {
"name": "Apache Shiro",
- "link": "https://shiro.apache.org/security-reports.html",
+ "security_model_link": "https://shiro.apache.org/security-reports.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@shiro.apache.org",
"contributing": "https://github.com/apache/shiro/blob/main/CONTRIBUTING.md",
@@ -1166,35 +1341,40 @@
},
"singa": {
"name": "Apache SINGA",
- "link": "https://singa.apache.org/security.html",
+ "security_model_link": "https://singa.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@singa.apache.org",
"logo_link": "https://www.apache.org/logos/res/singa/default.png"
},
"sis": {
"name": "Apache SIS",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/sis/default.png"
},
"skywalking": {
"name": "Apache SkyWalking",
- "link": "https://skywalking.apache.org/docs/main/next/en/security/readme/",
+ "security_model_link": "https://skywalking.apache.org/docs/main/next/en/security/readme/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/skywalking/default.png"
},
"sling": {
"name": "Apache Sling",
- "link": "https://sling.apache.org/project-information/security.html",
+ "security_model_link": "https://sling.apache.org/project-information/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@sling.apache.org",
"logo_link": "https://www.apache.org/logos/res/sling/default.png"
},
"solr": {
"name": "Apache Solr",
- "link": "https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity",
+ "security_model_link": "https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity",
+ "security_model_source": null,
"advisory_link": "https://solr.apache.org/security.html#recent-cve-reports-for-apache-solr",
"contact": "security@solr.apache.org",
"dependency_advisory_triage": "https://solr.apache.org/solr.vex.json",
@@ -1202,14 +1382,16 @@
},
"spamassassin": {
"name": "Apache SpamAssassin",
- "link": "https://cwiki.apache.org/confluence/display/SPAMASSASSIN/SecurityPolicy",
+ "security_model_link": "https://cwiki.apache.org/confluence/display/SPAMASSASSIN/SecurityPolicy",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@spamassassin.apache.org",
"logo_link": "https://www.apache.org/logos/res/spamassassin/default.png"
},
"spark": {
"name": "Apache Spark",
- "link": "https://spark.apache.org/security.html",
+ "security_model_link": "https://spark.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://spark.apache.org/security.html",
"contact": "security@apache.org",
"contributing": "https://spark.apache.org/contributing.html",
@@ -1217,131 +1399,152 @@
},
"steve": {
"name": "Apache Steve",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/steve/default.png"
},
"storm": {
"name": "Apache Storm",
- "link": "https://storm.apache.org/security-model.html",
+ "security_model_link": "https://storm.apache.org/security-model.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/storm/default.png"
},
"stormcrawler": {
"name": "Apache StormCrawler",
- "link": "https://stormcrawler.apache.org/security/",
+ "security_model_link": "https://stormcrawler.apache.org/security/",
+ "security_model_source": null,
"advisory_link": "https://stormcrawler.apache.org/security/",
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/stormcrawler/default.png"
},
"streampark": {
"name": "Apache StreamPark",
- "link": "https://streampark.apache.org/community/security/",
+ "security_model_link": "https://streampark.apache.org/community/security/",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/streampark/default.png"
},
"streampipes": {
"name": "Apache StreamPipes",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/streampipes/default.png"
},
"struts": {
"name": "Apache Struts",
- "link": "https://struts.apache.org/security.html",
+ "security_model_link": "https://struts.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://cwiki.apache.org/confluence/display/WW/Security+Bulletins",
"contact": "security@struts.apache.org",
"logo_link": "https://www.apache.org/logos/res/struts/default.png"
},
"subversion": {
"name": "Apache Subversion",
- "link": "https://subversion.apache.org/security/",
+ "security_model_link": "https://subversion.apache.org/security/",
+ "security_model_source": null,
"advisory_link": "https://subversion.apache.org/security/",
"contact": "security@subversion.apache.org",
"logo_link": "https://www.apache.org/logos/res/subversion/default.png"
},
"superset": {
"name": "Apache Superset",
- "link": "https://github.com/apache/superset/blob/master/.github/SECURITY.md",
+ "security_model_link": "https://github.com/apache/superset/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/superset/master/SECURITY.md",
"advisory_link": "https://superset.apache.org/docs/security/cves",
"contact": "security@superset.apache.org",
"logo_link": "https://www.apache.org/logos/res/superset/default.png"
},
"synapse": {
"name": "Apache Synapse",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/synapse/default.png"
},
"syncope": {
"name": "Apache Syncope",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": "https://syncope.apache.org/security",
+ "contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/syncope/default.png"
},
"systemds": {
"name": "Apache SystemDS",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
- "contact": "security@apache.org"
+ "contact": "security@apache.org",
+ "logo_link": null
},
"tapestry": {
"name": "Apache Tapestry",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tapestry/default.png"
},
"tcl": {
"name": "Apache Tcl",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tcl/default.png"
},
"teaclave": {
"name": "Apache Teaclave",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/teaclave/default.png"
},
"tez": {
"name": "Apache Tez",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tez/default.png"
},
"thrift": {
"name": "Apache Thrift",
- "link": "https://github.com/apache/thrift/blob/master/doc/thrift-threat-model.md",
+ "security_model_link": "https://github.com/apache/thrift/blob/master/doc/thrift-threat-model.md",
+ "security_model_source": "https://raw.githubusercontent.com/apache/thrift/master/doc/thrift-threat-model.md",
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/thrift/default.png"
},
"tika": {
"name": "Apache Tika",
- "link": "https://tika.apache.org/security-model.html",
+ "security_model_link": "https://tika.apache.org/security-model.html",
+ "security_model_source": null,
"advisory_link": "https://tika.apache.org/security.html",
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tika/default.png"
},
"tinkerpop": {
"name": "Apache TinkerPop",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tinkerpop/default.png"
},
"tomcat": {
"name": "Apache Tomcat",
- "link": "https://tomcat.apache.org/security.html",
+ "security_model_link": "https://tomcat.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": "https://tomcat.apache.org/security.html",
"contact": "security@tomcat.apache.org",
"contributing": "https://tomcat.apache.org/getinvolved.html",
@@ -1349,167 +1552,192 @@
},
"tomee": {
"name": "Apache TomEE",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tomee/default.png"
},
"trafficcontrol": {
"name": "Apache Traffic Control",
- "link": "https://trafficcontrol.apache.org/security/index.html",
+ "security_model_link": "https://trafficcontrol.apache.org/security/index.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@trafficcontrol.apache.org",
"logo_link": "https://www.apache.org/logos/res/trafficcontrol/default.png"
},
"trafficserver": {
"name": "Apache Traffic Server",
- "link": "https://github.com/apache/trafficserver/security/policy",
+ "security_model_link": "https://github.com/apache/trafficserver/security/policy",
+ "security_model_source": "https://raw.githubusercontent.com/apache/trafficserver/master/SECURITY.md",
"advisory_link": null,
"contact": "security@trafficserver.apache.org",
"logo_link": "https://www.apache.org/logos/res/trafficserver/default.png"
},
"trafodion": {
"name": "Apache Trafodion",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
- "contact": "security@trafodion.apache.org"
+ "contact": "security@trafodion.apache.org",
+ "logo_link": null
},
"training": {
"name": "Apache Training",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/training/default.png"
},
"tsfile": {
"name": "Apache TsFile",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tsfile/default.png"
},
"turbine": {
"name": "Apache Turbine",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/turbine/default.png"
},
"tvm": {
"name": "Apache TVM",
- "link": "https://tvm.apache.org/docs/reference/security.html",
+ "security_model_link": "https://tvm.apache.org/docs/reference/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/tvm/default.png"
},
"uima": {
"name": "Apache UIMA",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/uima/default.png"
},
"uniffle": {
"name": "Apache Uniffle",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/uniffle/default.png"
},
"unomi": {
"name": "Apache Unomi",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/unomi/default.png"
},
"vcl": {
"name": "Apache VCL",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/vcl/default.png"
},
"velocity": {
"name": "Apache Velocity",
- "link": "https://velocity.apache.org/#security-model",
+ "security_model_link": "https://velocity.apache.org/#security-model",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/velocity/default.png"
},
"wayang": {
"name": "Apache Wayang",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/wayang/default.png"
},
"whimsy": {
"name": "Apache Whimsy",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/whimsy/default.png"
},
"wicket": {
"name": "Apache Wicket",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/wicket/default.png"
},
"ws": {
"name": "Apache Web Services",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/ws/default.png"
},
"xalan": {
"name": "Apache Xalan",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/xalan/default.png"
},
"xerces": {
"name": "Apache Xerces",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/xerces/default.png"
},
"xmlgraphics": {
"name": "Apache XML Graphics",
- "link": "https://xmlgraphics.apache.org/security.html",
+ "security_model_link": "https://xmlgraphics.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/xmlgraphics/default.png"
},
"yetus": {
"name": "Apache Yetus",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/yetus/default.png"
},
"yunikorn": {
"name": "Apache YuniKorn",
- "link": null,
+ "security_model_link": null,
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@apache.org",
"logo_link": "https://www.apache.org/logos/res/yunikorn/default.png"
},
"zeppelin": {
"name": "Apache Zeppelin",
- "link": "https://zeppelin.apache.org/security.html",
+ "security_model_link": "https://zeppelin.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@zeppelin.apache.org",
"logo_link": "https://www.apache.org/logos/res/zeppelin/default.png"
},
"zookeeper": {
"name": "Apache ZooKeeper",
- "link": "https://zookeeper.apache.org/security.html",
+ "security_model_link": "https://zookeeper.apache.org/security.html",
+ "security_model_source": null,
"advisory_link": null,
"contact": "security@zookeeper.apache.org",
"logo_link": "https://www.apache.org/logos/res/zookeeper/default.png"
diff --git a/scripts/project-coordinates.schema.json b/scripts/project-coordinates.schema.json
new file mode 100644
index 00000000..f05c1bb2
--- /dev/null
+++ b/scripts/project-coordinates.schema.json
@@ -0,0 +1,75 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://security.apache.org/schemas/project-coordinates.schema.json",
+ "title": "Apache project security coordinates",
+ "description": "Hand-maintained security coordinates for Apache projects, keyed by PMC/committee id. Consumed by scripts/project-page.py to build the projects overview and by external tools.",
+ "type": "object",
+ "propertyNames": {
+ "pattern": "^(\\$schema|[a-z0-9][a-z0-9-]*)$"
+ },
+ "properties": {
+ "$schema": {
+ "type": "string",
+ "description": "Optional reference to this schema so editors validate the file. Ignored by the site generator (keys starting with '$' are not treated as projects)."
+ }
+ },
+ "additionalProperties": {
+ "$ref": "#/$defs/project"
+ },
+ "$defs": {
+ "urlOrNull": {
+ "type": ["string", "null"],
+ "format": "uri"
+ },
+ "project": {
+ "type": "object",
+ "description": "Security coordinates for a single project. The six core fields are always present (null when unknown) so consumers need no per-field presence checks.",
+ "required": [
+ "name",
+ "security_model_link",
+ "security_model_source",
+ "advisory_link",
+ "contact",
+ "logo_link"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string",
+ "minLength": 1,
+ "description": "Human-readable project name, e.g. \"Apache Kafka\"."
+ },
+ "security_model_link": {
+ "$ref": "#/$defs/urlOrNull",
+ "description": "URL of the project's human-facing (HTML) security page or threat model, shown on the site. Null when the project has none."
+ },
+ "security_model_source": {
+ "$ref": "#/$defs/urlOrNull",
+ "description": "URL of an AI-friendly plain-text/Markdown version of the security page. Not rendered on the site; used by external tooling to fetch text instead of HTML. Null when unavailable."
+ },
+ "advisory_link": {
+ "$ref": "#/$defs/urlOrNull",
+ "description": "URL of the project's published list of security advisories. Null when the project has none."
+ },
+ "contact": {
+ "type": "string",
+ "format": "email",
+ "minLength": 1,
+ "description": "Security reporting address. Defaults to security@apache.org when the project has no dedicated list."
+ },
+ "logo_link": {
+ "$ref": "#/$defs/urlOrNull",
+ "description": "URL of the project logo shown next to its name. Null when no logo is available."
+ },
+ "contributing": {
+ "$ref": "#/$defs/urlOrNull",
+ "description": "Optional URL of the project's contributing guide."
+ },
+ "dependency_advisory_triage": {
+ "$ref": "#/$defs/urlOrNull",
+ "description": "Optional URL of the project's dependency-advisory triage data (e.g. VEX or suppression file)."
+ }
+ }
+ }
+ }
+}
diff --git a/scripts/project-page.py b/scripts/project-page.py
index 9b0a7dee..4907b62c 100755
--- a/scripts/project-page.py
+++ b/scripts/project-page.py
@@ -12,7 +12,8 @@
# manually maintained
with open('project-coordinates.json', 'r') as p:
- project_coordinates = json.load(p)
+ # Drop editor-only meta keys (e.g. "$schema"); every remaining key is a project.
+ project_coordinates = {k: v for k, v in json.load(p).items() if not k.startswith('$')}
# fetched from https://projects.apache.org/json/foundation/committees.json
with open('committees.json', 'r') as cs:
@@ -131,9 +132,9 @@ def project_md_lines(pmc, p):
lines.append(' [security.apache.org](/projects/%s/)' % pmc)
else:
lines.append(' none so far')
- if p.get('link'):
+ if p.get('security_model_link'):
lines.append(' - Security page:\\')
- lines.append(' [%s](%s)' % (urlparse(p['link']).netloc or 'security page', p['link']))
+ lines.append(' [%s](%s)' % (urlparse(p['security_model_link']).netloc or 'security page', p['security_model_link']))
return lines
# Group projects by their initial letter (non-letters bucket under '#').
@@ -198,8 +199,8 @@ def project_md_lines(pmc, p):
""" % (p['name'], p['name']))
project_page.write('# Reporting\n\n')
project_page.write('Do you want disclose a potential security issue for %s? ' % p['name'])
- if 'link' in p.keys() and p['link']:
- project_page.write("You can read more about the projects' security policy on their [security page](%s), and email your report to the " % p['link'])
+ if 'security_model_link' in p.keys() and p['security_model_link']:
+ project_page.write("You can read more about the projects' security policy on their [security page](%s), and email your report to the " % p['security_model_link'])
else:
project_page.write('Send your report to the ')
if not 'contact' in p.keys() or p['contact'] == 'security@apache.org':
@@ -211,8 +212,8 @@ def project_md_lines(pmc, p):
project_page.write('\n\nThis section is experimental: it provides advisories since 2023 and ')
project_page.write('may lag behind the official CVE publications. ')
- if 'link' in p.keys() and p['link']:
- project_page.write('It may also lack details found on the [project security page](%s). ' % p['link'])
+ if 'security_model_link' in p.keys() and p['security_model_link']:
+ project_page.write('It may also lack details found on the [project security page](%s). ' % p['security_model_link'])
project_page.write('If you have any feedback on how you would like this data to be provided, ')
project_page.write('you are welcome to reach out on our public [mailinglist](/mailinglist) or privately ')