Skip to content

Latest commit

 

History

History
33 lines (20 loc) · 2.26 KB

SECURITY.md

File metadata and controls

33 lines (20 loc) · 2.26 KB

Reporting Security Issues

If you believe you've found a potential security issue in any Cypress Docker image please consider the following:

  • Cypress Docker images released through this repo are convenience images with selected bundled and versioned components.
  • They are intended for use in Continuous Integration (CI) or other non-public, isolated, sandboxed environments.
  • Any security issue must be addressed by the component owner before any related fix can flow into a new Cypress Docker image.
  • Released images are considered frozen and remain released. Newest packages have the tag latest applied.

Debian

Each time a new cypress/factory image is built, it uses the base Docker image defined as BASE_IMAGE in the factory/.env file and installs any additional Debian packages from the stable distribution. This means any security issues which have been resolved by Debian are resolved in a new cypress/factory build. Other Cypress Docker images are built on top of cypress/factory and include any Debian security fixes as well.

Refer to Debian security for further information.

Debian is used in cypress/factory, cypress/base, cypress/browsers and cypress/included Cypress Docker images.

Browsers

Please refer to the associated browser owner's documentation regarding browser security vulnerabilities.

Browsers are included in cypress/browsers and cypress/included Cypress Docker images.

Cypress

For issues with Cypress, we recommend checking the Cypress issue list to see if a vulnerability has already been reported there. Otherwise Cypress Security and Compliance provides more information on reporting a security issue.

Cypress is included only in cypress/included Cypress Docker images.