actions/setup-uv
12
0
Fork 0
mirror of https://github.com/astral-sh/setup-uv.git synced 2026-06-28 17:00:43 +00:00
Code Activity Actions
setup-uv/SECURITY.md
Zsolt Dollenstein c86fe4ef1f
Add a threat model for setup-uv (#923) 
This adds a threat model for `setup-uv` so security scanners can use it
as a baseline in terms of what's in-, and out of scope.

The TM covers credential recipients, executable and cache boundaries,
and release authority. It treats checkout-selected interpreters, paths,
virtual environments, symlinks, and helpers as delegated project
authority unless they override an explicit workflow choice or cross an
independent cache, runner, remote, or publication boundary.
2026-06-27 21:01:45 +02:00

5 lines
275 B
Markdown
Raw Permalink Blame History

# Security policy
Report suspected vulnerabilities according to [Astral's security policy](https://github.com/astral-sh/.github/blob/main/SECURITY.md).
For this repository's security boundaries and reporting criteria, see the [setup-uv threat model](docs/threat-model.md).
View git blame Copy permalink