From 04d87689f40da4bca0d225e83af6427ac7a7ca98 Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Wed, 8 Jul 2026 12:41:58 +0200 Subject: [PATCH] Add AGENTS.md + SECURITY.md security-model pointer for scanner discoverability Generated-by: Claude Code --- AGENTS.md | 32 ++++++++++++++++++++++++++++++++ SECURITY.md | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 AGENTS.md create mode 100644 SECURITY.md diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..88b365c --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,32 @@ + + +# Agent Guide for maven-deploy-plugin + +This file is read by automated agents (security scanners, code +analyzers, AI assistants) operating on this repository. + +## Security + +Security model: [SECURITY.md](./SECURITY.md) + +Agents that scan this repository should consult `SECURITY.md` and the +threat model it links before reporting issues. + +Points at the Apache Maven family umbrella security model. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..1cbe543 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,32 @@ + + +# Security Policy + +## Reporting a Vulnerability + +`apache/maven-deploy-plugin` follows the [Apache Software Foundation security process](https://www.apache.org/security/). Please report suspected +vulnerabilities privately to `security@apache.org`; do not open public +GitHub issues or pull requests for security reports. + +## Threat Model + +What the project treats as in scope and out of scope, the security +properties it provides and disclaims, the adversary model, and how +findings are triaged are documented in .