Merged
15 changes: 15 additions & 0 deletions AGENTS.md
@@ -0,0 +1,15 @@
<!-- SPDX-License-Identifier: Apache-2.0 -->

# Agent Guide for Apache NiFi

This file is read by automated agents (security scanners, code
analyzers, AI assistants) operating on this repository.

## Security

Security model: [SECURITY.md](./SECURITY.md)

Agents that scan this repository should consult `SECURITY.md` and the
threat model it links before reporting issues.

The project security model is published at https://nifi.apache.org/documentation/security/#security-model linked in SECURITY.md.
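Review bot: the last line of AGENTS.md repeats what the "## Security" section already says two lines earlier, and it reads as a run-on ("...#security-model linked in SECURITY.md"). The "Security model:" label also points at `SECURITY.md`, which is the policy file, while the model itself lives at the nifi.apache.org URL. Suggest putting that URL on the "Security model:" line, keeping the pointer to `SECURITY.md` for reporting, and dropping the final sentence. That line is also the only one in the file not wrapped like the paragraphs above it.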
36 changes: 36 additions & 0 deletions SECURITY.md
@@ -0,0 +1,36 @@
<!-- SPDX-License-Identifier: Apache-2.0 -->

# Security Policy

## Reporting a Vulnerability

Apache NiFi welcomes the responsible reporting of security vulnerabilities.
The NiFi team believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.
If you believe you've found a security issue in our product or service, we encourage you to notify us.
We will work with you to resolve the issue promptly.

## Disclosure Policy

* Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
* Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
* Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

## Exclusions

While researching, please refrain from:

- Denial of service
- Spamming
- Social engineering (including phishing) of Apache NiFi staff or contractors
- Any physical attempts against Apache NiFi property or data centers

## Reporting Methods

- NiFi Security Mailing List: [security@nifi.apache.org](mailto:security@nifi.apache.org)
- Members of the [Project Management Committee](https://nifi.apache.org/people.html) monitor this private mailing list and respond to disclosures

## Threat Model

What the project treats as in scope and out of scope, the security
properties it provides and disclaims, the adversary model, and how
findings are triaged are documented in the project [Security Model](https://nifi.apache.org/documentation/security/#security-model).
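Review bot: under "## Reporting Methods" the second bullet is not a reporting method but a description of who reads the mailing list, so it would be clearer folded into the first bullet or moved to a sentence below the list. The file also mixes list markers (`*` under "Disclosure Policy", `-` under "Exclusions" and "Reporting Methods"), so pick one. Wording such as "our product or service", "staff or contractors" and "property or data centers" should be checked against how the project is actually run, given that the same file names the Project Management Committee as the party handling reports. A short note on what a report should contain would help reporters and the automated agents that AGENTS.md directs to this file.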