potiuk opened a new pull request, #230:
URL: https://github.com/apache/cxf-build-utils/pull/230

   **This is a proposal for the CXF PMC to review — please correct, reject, or 
discuss as needed.**
   
`apache/cxf-build-utils` is a set of shared build utilities for the Apache CXF 
project. This PR adds a `SECURITY.md` and `AGENTS.md` so an automated scan 
agent can mechanically discover the project's security model via `AGENTS.md -> 
SECURITY.md -> model`. Because this repo is build-time tooling rather than a 
runtime service, both files point at the **Apache CXF umbrella threat model** 
(https://github.com/apache/cxf/blob/main/THREAT_MODEL.md), which scopes 
build-time tooling out of the runtime model — rather than duplicating a model 
here.
   
   Context: the ASF Security team is preparing the project for an automated 
agentic security scan we're piloting; a discoverable model (even a pointer to 
the umbrella) is what lets the scan resolve scope. The umbrella model is 
proposed separately in apache/cxf. Questions/pushback welcome.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
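The discovery chain the PR describes (`AGENTS.md -> SECURITY.md -> model`) is what lets a scanner resolve scope mechanically. The following is an added example of how such a resolver can follow that chain; it is not code from the PR or from the ASF Security team's scanner, and the file contents it uses are constructed assumptions about the shape of the two files, not their actual text. It follows in-repo Markdown links first, treats the first external http(s) URL as the model pointer, and returns `None` when the chain dead-ends (missing file, no pointer, or a cycle), which is the case where a scan cannot resolve scope.

```python
import re

# Constructed sample contents for the two files the PR adds. These are an
# assumption about their shape, not the text of the actual files.
SAMPLE_REPO = {
    "AGENTS.md": (
        "# Notes for automated agents\n\n"
        "The security model for this repository is described in "
        "[SECURITY.md](SECURITY.md).\n"
    ),
    "SECURITY.md": (
        "# Security\n\n"
        "This repository is build-time tooling. Its scope is set by the "
        "Apache CXF umbrella threat model:\n"
        "https://github.com/apache/cxf/blob/main/THREAT_MODEL.md\n"
    ),
}

# Markdown link targets `[text](target)` and bare http(s) URLs.
_LINK_RE = re.compile(r"\[[^\]]*\]\(([^)\s]+)\)")
_URL_RE = re.compile(r"https?://[^\s)>\]]+")


def find_pointers(text):
    """Return candidate targets (repo paths or URLs) in document order,
    de-duplicated, with Markdown link targets listed before bare URLs."""
    targets = [m.group(1) for m in _LINK_RE.finditer(text)]
    for url in _URL_RE.findall(text):
        if url not in targets:
            targets.append(url)
    return targets


def resolve_model(repo, start="AGENTS.md", max_hops=5):
    """Follow AGENTS.md -> SECURITY.md -> model and return the visited chain.

    `repo` maps repo-relative paths to file text. In-repo links are
    followed before external URLs; the first external http(s) URL ends the
    chain as the model pointer. Returns None when the chain cannot be
    resolved: missing file, no pointer, a cycle, or too many hops.
    """
    chain = [start]
    current = start
    for _ in range(max_hops):
        text = repo.get(current)
        if text is None:
            return None  # pointer to a file that does not exist
        targets = find_pointers(text)
        in_repo = [t for t in targets if t in repo]
        urls = [t for t in targets if t.startswith(("http://", "https://"))]
        nxt = in_repo[0] if in_repo else (urls[0] if urls else None)
        if nxt is None or nxt in chain:
            return None  # dead end or cycle: scope cannot be resolved
        chain.append(nxt)
        if nxt in urls:
            return chain  # reached the external model pointer
        current = nxt
    return None  # exceeded max_hops


if __name__ == "__main__":
    print(resolve_model(SAMPLE_REPO))
```

A scanner built this way only needs the two files to exist and to carry one unambiguous pointer each; if `SECURITY.md` merely describes a reporting process without linking a model, the chain returns `None` and the scan has nothing to scope against, which is the situation the PR is meant to avoid.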
