Skip to content

Latest commit

 

History

History
37 lines (26 loc) · 2.4 KB

SECURITY.md

File metadata and controls

37 lines (26 loc) · 2.4 KB

Security

NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.

If you need to report a security issue, please use the appropriate contact points outlined below. Please do not report security vulnerabilities through GitHub/GitLab.

Reporting Potential Security Vulnerability in an NVIDIA Product


To report a potential security vulnerability in any NVIDIA product:

Code Static Analysis

In our commitment to maintaining the highest standards of code quality and security, we have enabled GitHub's Code Static Analysis scanning on our repositories. Static Analysis is a powerful tool for analyzing the codebase for potential vulnerabilities.

  • Scope: CodeQL scanning is activated across all branches of this repository.
  • Frequency: Scans are conducted regularly on new commits to ensure continuous integration and delivery are secure.
  • Results Handling: Any identified vulnerabilities or code issues are reviewed and addressed promptly by our development team.
  • Community Contribution: We welcome contributions to enhance our CodeQL queries. If you have suggestions or improvements, please submit a pull request or contact us via the outlined channels.

Secrets Scanning

To further bolster our repository's security, we have implemented GitHub's secrets scanning feature. This feature helps detect and prevent accidental commits of sensitive information such as passwords, private keys, and API tokens.

  • Active Scanning: Secrets scanning is active on all branches of this repository.
  • Alerts and Notifications: In the event that a potential secret is committed to the repository, an alert is generated. These alerts are reviewed and addressed swiftly by our security team.
  • Prevention and Education: We continuously educate our contributors about best practices in handling secrets and sensitive data. We encourage the use of environment variables and secure vaults for managing secrets.