|
39 | 39 | * [Build & Run](#build--run) |
40 | 40 | * [Java](#java) |
41 | 41 | * [Kotlin](#kotlin) |
| 42 | + * [Governance model](#governance-model) |
| 43 | + * [Vulnerability reports](#vulnerability-reports) |
| 44 | + * [Security](#security) |
42 | 45 | * [Contributing](#contributing) |
43 | 46 | * [Licensing](#licensing) |
44 | 47 | <!-- TOC --> |
@@ -272,7 +275,7 @@ Example with configuration via environment variables: |
272 | 275 |
|
273 | 276 | #### Start using the Fabric8 Docker-Maven-Plugin |
274 | 277 |
|
275 | | -Our [integration tests](integration-tests) are using the Amazon S3 Client to verify the server functionality against the S3Mock. During the Maven build, the Docker image is started using the [docker-maven-plugin](https://dmp.fabric8.io/) and the corresponding ports are passed to the JUnit test through the `maven-failsafe-plugin`. See [`BucketV2IT`](integration-tests/src/test/kotlin/com/adobe/testing/s3mock/its/BucketV2IT.kt) as an example on how it's used in the code. |
| 278 | +Our [integration tests](integration-tests) are using the Amazon S3 Client to verify the server functionality against the S3Mock. During the Maven build, the Docker image is started using the [docker-maven-plugin](https://dmp.fabric8.io/) and the corresponding ports are passed to the JUnit test through the `maven-failsafe-plugin`. See [`BucketIT`](integration-tests/src/test/kotlin/com/adobe/testing/s3mock/its/BucketIT.kt) as an example on how it's used in the code. |
276 | 279 |
|
277 | 280 | This way, one can easily switch between calling the S3Mock or the real S3 endpoint and this doesn't add any additional Java dependencies to the project. |
278 | 281 |
|
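Review bot: the changed link on new line 278 now points at `integration-tests/src/test/kotlin/com/adobe/testing/s3mock/its/BucketIT.kt`, but the rename of that test file is not part of the visible change. Confirm the file exists under that name on this branch, otherwise the README link breaks.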
@@ -575,9 +578,23 @@ This repo is built with Java 17, output is _currently_ bytecode compatible with |
575 | 578 | ### Kotlin |
576 | 579 | The [Integration Tests](integration-tests) are built in Kotlin. |
577 | 580 |
|
| 581 | +## Governance model |
| 582 | +
|
| 583 | +The project owner and leads makes all final decisions. See the `developers` section in the [pom.xml](pom.xml) for a list of leads. |
| 584 | +
|
| 585 | +## Vulnerability reports |
| 586 | +
|
| 587 | +S3Mock uses GitHub actions to produce an SBOM and to check dependencies for vulnerabilities. All vulnerabilities are evaluated and fixed if possible. |
| 588 | +Vulnerabilities may also be reported through the GitHub issue tracker. |
| 589 | +
|
| 590 | +## Security |
| 591 | +
|
| 592 | +S3Mock is not intended to be used in production environments. It is a mock server that is meant to be used in development and testing environments only. It does not implement all security features of AWS S3, and should not be used as a replacement for AWS S3 in production. |
| 593 | +It is implemented using [Spring Boot](https://github.com/spring-projects/spring-boot), which is a Java framework that is designed to be secure by default. |
| 594 | +
|
578 | 595 | ## Contributing |
579 | 596 |
|
580 | | -Contributions are welcomed! Read the [Contributing Guide](./.github/CONTRIBUTING.md) for more information. |
| 597 | +Contributions are welcome! Read the [Contributing Guide](./.github/CONTRIBUTING.md) for more information. |
581 | 598 |
|
582 | 599 | ## Licensing |
583 | 600 |
|
|
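Review bot: new line 588 directs vulnerability reports to the GitHub issue tracker, which is public, so a report filed there discloses the issue before a fix is available. Suggest pointing reporters at a private channel instead (GitHub's private vulnerability reporting, or a contact listed in a SECURITY.md) and keeping the issue tracker for non-sensitive bugs. In the Security section, "does not implement all security features of AWS S3" would help readers more if it named the features that are missing, and the sentence about Spring Boot being "secure by default" says nothing about how S3Mock itself is configured, so it is better dropped or replaced with a statement of what S3Mock exposes. On new line 583, "leads makes" should be "leads make".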