Skip to content

Add security-model discoverability pointer to the project-wide CloudStack threat model#212

Merged
vishesh92 merged 3 commits into
apache:mainfrom
potiuk:asf-security/draft-threat-model-2026-05-30
Jul 13, 2026
Merged

Add security-model discoverability pointer to the project-wide CloudStack threat model#212
vishesh92 merged 3 commits into
apache:mainfrom
potiuk:asf-security/draft-threat-model-2026-05-30

Conversation

@potiuk

@potiuk potiuk commented May 30, 2026

Copy link
Copy Markdown
Member

Summary

Apache CloudStack's security model is project-wide, not per-repository. This PR replaces the earlier standalone draft-THREAT-MODEL.md in this repo with the standard discoverability chain so automated scanners find the one canonical model:

  • AGENTS.mdSECURITY.md → the project-wide model at
    https://github.com/apache/cloudstack/blob/main/THREAT_MODEL.md

The model lives in apache/cloudstack (see apache/cloudstack#13293); this repo inherits it via the pointer above rather than duplicating it — per the PMC's direction on #13293 to converge on the parent model first. The link resolves once that model lands on main. A thin repo-specific addendum can be added here later if this component needs one.

AGENTS.md carries a one-line SPDX header (it is read by agents on every session); SECURITY.md carries the full ASF header.

@github-actions

github-actions Bot commented May 30, 2026

Copy link
Copy Markdown

✅ Build complete for PR #212.

📦 Binary artifacts are available in the workflow run (expires on July 23, 2026).

Note: Download artifacts by clicking on the workflow run link above, then scroll to the "Artifacts" section.
Artifacts from PR builds are for testing only and may contain unreviewed, malicious code.

Adds a draft project-level security threat-model document
(draft-THREAT-MODEL.md) at repo root, improving discoverability
for automated security scanners running against this repository.
The file follows the rubric format used by several other ASF
projects piloting security-model discoverability.

The "draft-" prefix signals this is a proposal for the PMC to
review, correct, or reject — not a finalised maintainer-blessed
model. Every claim carries a provenance tag (documented /
inferred / maintainer) so reviewers can see where each claim
originates; §14 collects open questions for the maintainers.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@potiuk potiuk force-pushed the asf-security/draft-threat-model-2026-05-30 branch from 42dec55 to 61e10fa Compare May 30, 2026 18:47
@yadvr yadvr requested review from DaanHoogland and vishesh92 June 1, 2026 07:17
@yadvr

yadvr commented Jun 1, 2026

Copy link
Copy Markdown
Member

There's a lot of details in the draft that needs a better set of eyes, so assigning @DaanHoogland @vishesh92 who're also PMC leads on the work.

…po copy

Drop the standalone draft-THREAT-MODEL.md and wire the discoverability chain
AGENTS.md -> SECURITY.md -> the project-wide model in apache/cloudstack
(apache/cloudstack#13293), so scanners find one canonical model and this repo
inherits it rather than duplicating it.

Generated-by: Claude Code
@potiuk potiuk changed the title Add draft project security threat-model document Add security-model discoverability pointer to the project-wide CloudStack threat model Jun 2, 2026
@potiuk

potiuk commented Jun 5, 2026

Copy link
Copy Markdown
Member Author

Thanks @yadvr — routing to @DaanHoogland and @vishesh92 makes sense. These are just discoverability pointers to the project-wide model in #13293, so they'll naturally follow once that lands. Standing by for the leads' review — happy to reshape the pointers to match whatever #13293 settles on. No rush from our side.

@potiuk

potiuk commented Jun 17, 2026

Copy link
Copy Markdown
Member Author

Quick note on CI: this is a docs-only change (AGENTS.md + SECURITY.md), and the red check is the simulator-latest-ci integration job, which the added files can't affect — looks unrelated/flaky rather than anything from this PR. Ready for review whenever convenient; happy to rebase if a clean run would help.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds standard security-model discoverability files to point this repository’s security posture to the canonical, project-wide Apache CloudStack threat model (rather than maintaining a repo-local copy).

Changes:

  • Add SECURITY.md describing vulnerability reporting and linking to the project-wide threat model.
  • Add AGENTS.md to guide automated agents/scanners to SECURITY.md (and, transitively, the project threat model).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
SECURITY.md Introduces a security policy and a pointer to the project-wide threat model.
AGENTS.md Adds an agent-facing entry point that directs scanners/assistants to SECURITY.md.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread SECURITY.md
**project-wide CloudStack threat model** rather than a per-repository copy. What the
project treats as in scope and out of scope, the security properties it provides and
disclaims, the adversary model, and how findings are triaged are documented in that
model: <https://github.com/apache/cloudstack/blob/main/THREAT_MODEL.md>.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. The target merged into apache/cloudstack under the name draft-THREAT-MODEL.md, so this THREAT_MODEL.md pointer 404s. Rather than point at the draft name, I've opened apache/cloudstack#13599 to rename the file to the canonical THREAT_MODEL.md — that's the name scanners and satellite SECURITY.md pointers follow, and it makes this link resolve once it lands. No change needed on this repo's side.

Comment thread SECURITY.md Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 13, 2026 06:11

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread SECURITY.md
Comment on lines +31 to +35
model: <https://github.com/apache/cloudstack/blob/main/THREAT_MODEL.md>.

(That link resolves once the project-wide model lands on `apache/cloudstack`'s
`main` branch — see apache/cloudstack#13293. A thin `cloudstack-cloudmonkey`-specific
addendum can be added here later if this component needs one.)
@vishesh92

Copy link
Copy Markdown
Member

Merging for now. We can revisit later if any changes are required here.

@vishesh92 vishesh92 merged commit de36f6d into apache:main Jul 13, 2026
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants