potiuk opened a new pull request, #364: URL: https://github.com/apache/trafficserver-ingress-controller/pull/364
## Summary Adds SECURITY.md and AGENTS.md to apache/trafficserver-ingress-controller so the project's security model is mechanically discoverable from the repo root. SECURITY.md references [apache/trafficserver/SECURITY.md](https://github.com/apache/trafficserver/blob/master/SECURITY.md) as the umbrella model for the C++ core, then adds two repo-specific paragraphs covering the trust surfaces that aren't covered by the umbrella: - **Kubernetes admission webhook** — validates Ingress / Service / Endpoints / ConfigMap payloads received from the API server; webhook bodies treated as adversary-controlled input. - **Ingress routing** — Ingress resources → ATS `remap.config` translation; RBAC on `Ingress` create/update is the trust boundary on the outbound routing table. AGENTS.md points coding agents at SECURITY.md for security-model reads (same shape as `apache/trafficserver/AGENTS.md`'s security bridge). Coordinated with the Traffic Server PMC. ## Test plan - N/A — documentation only. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
