mirror of
https://github.com/bluenviron/mediamtx.git
synced 2025-12-19 17:50:03 -08:00
docs: add security page (#4922)
Some checks failed
code_lint / golangci_lint (push) Has been cancelled
code_lint / mod_tidy (push) Has been cancelled
code_lint / api_docs (push) Has been cancelled
code_test / test_64 (push) Has been cancelled
code_test / test_32 (push) Has been cancelled
code_test / test_e2e (push) Has been cancelled
This commit is contained in:
parent
3ed918bfca
commit
55ff69067e
5 changed files with 25 additions and 4 deletions
4
.github/workflows/release.yml
vendored
|
|
@ -62,8 +62,8 @@ jobs:
|
|||
+ `\n`
|
||||
+ `## Security\n`
|
||||
+ `\n`
|
||||
+ `Binaries have been produced by the [Release workflow](https://github.com/${owner}/${repo}/actions/workflows/release.yml)`
|
||||
+ ` without human intervention.\n`
|
||||
+ `Binaries are compiled from source through the [Release workflow](https://github.com/${owner}/${repo}/actions/workflows/release.yml) without human intervention,`
|
||||
+ ` preventing any external interference.`
|
||||
+ `\n`
|
||||
+ 'You can verify that binaries have been produced by the workflow by using [GitHub Attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds):\n'
|
||||
+ `\n`
|
||||
|
|
|
|||
|
|
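Review bot: The new string ` preventing any external interference.` has no trailing `\n`, unlike the ` without human intervention.\n` it replaces, so only the single `\n` on the next line separates it from 'You can verify ...' and the two sentences will render as one Markdown paragraph in the release notes. End the string with `\n` to keep the blank line between them. The wording "preventing any external interference" also promises more than the attestation check that follows can demonstrate, which is that the binaries were produced by the workflow; consider phrasing it in those terms.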
@ -1,3 +1,3 @@
|
|||
# Security Policy
|
||||
# Security
|
||||
|
||||
Vulnerabilities can be reported privately by using the [Security Advisory](https://github.com/bluenviron/mediamtx/security/advisories/new) feature of GitHub.
|
||||
Check the [Security page](https://mediamtx.org/docs/other/security) on the website.
|
||||
|
|
|
|||
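Review bot: Replacing the "Vulnerabilities can be reported privately ..." line with "Check the [Security page] ..." removes the direct Security Advisory link from this file, so a reporter who opens it now has to go through the website to find the private reporting channel. Keep the advisory link here and add the website pointer next to it, so the reporting path does not depend on the external page.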
21
docs/4-other/3-security.md
Normal file
|
|
@ -0,0 +1,21 @@
|
|||
# Security
|
||||
|
||||
## Reporting vulnerabilities
|
||||
|
||||
Vulnerabilities can be reported privately by using the [Security Advisory](https://github.com/bluenviron/mediamtx/security/advisories/new) feature of GitHub.
|
||||
|
||||
## Binaries
|
||||
|
||||
Binaries are compiled from source through the [Release workflow](https://github.com/bluenviron/mediamtx/actions/workflows/release.yml) without human intervention, preventing any external interference.
|
||||
|
||||
You can verify that binaries have been produced by the workflow by using [GitHub Attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds):
|
||||
|
||||
```sh
|
||||
ls mediamtx_* | xargs -L1 gh attestation verify --repo bluenviron/mediamtx
|
||||
```
|
||||
|
||||
You can verify the binaries checksum by downloading `checksums.sha256` and running:
|
||||
|
||||
```sh
|
||||
cat checksums.sha256 | grep "$(ls mediamtx_*)" | sha256sum --check
|
||||
```
|
||||
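Review bot: In the checksum command, `grep "$(ls mediamtx_*)"` passes the file names to grep as regular expressions (the dots match any character) and the `cat` is redundant; `sha256sum --check --ignore-missing checksums.sha256` checks only the files that are present without the pipeline. The Binaries section also lacks two pieces of documentation: where `checksums.sha256` is downloaded from, and that the first command needs the GitHub CLI (`gh`). It would help to state that the checksum only confirms a file matches that list, while the attestation check is the step that shows the binary came from the workflow.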