From 55ff69067e12d556caa3042ee165b7a6120f3363 Mon Sep 17 00:00:00 2001 From: Alessandro Ros Date: Sun, 31 Aug 2025 16:57:27 +0200 Subject: [PATCH] docs: add security page (#4922) --- .github/workflows/release.yml | 4 ++-- SECURITY.md | 4 ++-- docs/4-other/3-security.md | 21 +++++++++++++++++++ ...-specifications.md => 4-specifications.md} | 0 ...ated-projects.md => 5-related-projects.md} | 0 5 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 docs/4-other/3-security.md rename docs/4-other/{3-specifications.md => 4-specifications.md} (100%) rename docs/4-other/{4-related-projects.md => 5-related-projects.md} (100%) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 983fc491..d30dad0d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,8 +62,8 @@ jobs: + `\n` + `## Security\n` + `\n` - + `Binaries have been produced by the [Release workflow](https://github.com/${owner}/${repo}/actions/workflows/release.yml)` - + ` without human intervention.\n` + + `Binaries are compiled from source through the [Release workflow](https://github.com/${owner}/${repo}/actions/workflows/release.yml) without human intervention,` + + ` preventing any external interference.` + `\n` + 'You can verify that binaries have been produced by the workflow by using [GitHub Attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds):\n' + `\n` diff --git a/SECURITY.md b/SECURITY.md index d16acad6..449e41e7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,3 @@ -# Security Policy +# Security -Vulnerabilities can be reported privately by using the [Security Advisory](https://github.com/bluenviron/mediamtx/security/advisories/new) feature of GitHub. +Check the [Security page](https://mediamtx.org/docs/other/security) on the website. 
diff --git a/docs/4-other/3-security.md b/docs/4-other/3-security.md new file mode 100644 index 00000000..861017db --- /dev/null +++ b/docs/4-other/3-security.md @@ -0,0 +1,21 @@ +# Security + +## Reporting vulnerabilities + +Vulnerabilities can be reported privately by using the [Security Advisory](https://github.com/bluenviron/mediamtx/security/advisories/new) feature of GitHub. + +## Binaries + +Binaries are compiled from source through the [Release workflow](https://github.com/bluenviron/mediamtx/actions/workflows/release.yml) without human intervention, preventing any external interference. + +You can verify that binaries have been produced by the workflow by using [GitHub Attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds): + +```sh +ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx +``` + +You can verify the binaries checksum by downloading `checksums.sha256` and running: + +```sh +cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check +``` diff --git a/docs/4-other/3-specifications.md b/docs/4-other/4-specifications.md similarity index 100% rename from docs/4-other/3-specifications.md rename to docs/4-other/4-specifications.md diff --git a/docs/4-other/4-related-projects.md b/docs/4-other/5-related-projects.md similarity index 100% rename from docs/4-other/4-related-projects.md rename to docs/4-other/5-related-projects.md
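Review bot: In `.github/workflows/release.yml`, the added string `` ` preventing any external interference.` `` has no trailing `\n`, while the removed `` ` without human intervention.\n` `` had one. With only the following `` `\n` `` left, the "You can verify that binaries have been produced by the workflow" sentence starts on the very next line of the release notes, and Markdown folds it into the same paragraph. Append `\n` to the new string so the blank line between the two paragraphs is kept, as it is in `docs/4-other/3-security.md`. The wording "preventing any external interference" also promises more than an unattended build can guarantee, since the workflow still depends on its runner, its actions and its dependencies. Something like "without manual steps between source and published binary" states what the workflow actually provides.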
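Review bot: In `SECURITY.md`, the only reporting instruction in the repository is replaced by a link to `https://mediamtx.org/docs/other/security`, so a reporter now needs the website to be reachable to find the private reporting channel. Keep the Security Advisory link in `SECURITY.md` and add the website pointer after it. The file is short enough that the duplication costs little, and the reporting path stays one click away from the repository.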
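Review bot: In `docs/4-other/3-security.md`, the checksum command `cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check` passes file names to `grep` as regular expressions, so the dots in a name match any character, and it relies on parsing `ls` output. `sha256sum --check --ignore-missing checksums.sha256` checks only the files that are present, without the `cat`/`grep`/`ls` pipeline, and fails if none were verified. The paragraph should also say where `checksums.sha256` is downloaded from and that this check covers download integrity, while the attestation step above it is the one that establishes provenance. As written, a reader may treat the two checks as equivalent. The Binaries text is now maintained in two places (here and in the release notes template in `release.yml`), so a comment in one pointing at the other would help keep them in sync.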