SECURITY.md

To report a vulnerability for the OSAL subsystem pleasesubmit an issue.

For general cFS vulnerabilities pleaseopen a cFS framework issue and see ourtop-level security policy for additional information.

In either case please use the "Bug Report" template and provide as much information as possible. Apply appropriate labels for each report. For security related reports, tag the issue with the "security" label.

Disclaimer: nasa/OSAL is not responsible for any liability incurred under theApache License 2.0.

Testing is an important aspect our team values to improve OSAL.

To view tools used for the cFS bundle, see ourtop-level security policy.

TheOSAL CodeQL GitHub Actions workflow is available to the public. To review the results, fork the OSAL repository and run the CodeQL workflow.

CodeQL is ran for every push and pull-request on all branches of OSAL in GitHub Actions.

For the CodeQL GitHub Actions setup, visithttps://github.com/github/codeql-action.

TheOSAL Cppcheck GitHub Actions workflow and results are available to the public. To view the results, select a workflow and download the artifacts.

Cppcheck is ran for every push on the main branch and every pull request on all branches of OSAL in Github Actions.

For more information about Cppcheck, visithttp://cppcheck.sourceforge.net/.

For additional support, submit a GitHub issue. You can also email the cfs community atcfs-community@lists.nasa.gov.

You can subscribe to the mailing listhere that includes all the community members/users of the NASA core Flight Software (cFS) product line. The mailing list is used to communicate any information related to the cFS product such as current releases, bug findings and fixes, enhancement requests, community meeting notifications, sending out meeting minutes, etc.

If you wish to report a cybersecurity incident or concern, please contact the NASA Security Operations Center either by phone at 1-877-627-2732 or via email addresssoc@nasa.gov.

There aren’t any published security advisories