jenkins-infra · daniel-beck · Aug 10, 2022 · Aug 10, 2022 · Dec 4, 2024 · Dec 4, 2024
@@ -0,0 +1,13 @@
+# The following web pages always contain current information about how to report issues:
+Contact: https://www.jenkins.io/security/reporting/
+Contact: https://www.jenkins.io/security/#reporting-vulnerabilities
+
+# We also accept emails sent to this address:
+Contact: mailto:jenkinsci-cert@googlegroups.com
+
+# While team members speak other languages, this is the language common to all
+Preferred-Languages: en
+
+Expires: 2026-01-01T00:00:00.000Z
+Canonical: https://www.jenkins.io/.well-known/security.txt
+Policy: https://www.jenkins.io/security/reporting/
-Policy: https://www.jenkins.io/security/reporting/
+Policy: https://www.jenkins.io/security/reporting/
+Policy: https://github.com/jenkinsci/docker/blob/master/SECURITY.md
-Policy: https://www.jenkins.io/security/reporting/
+Policy: https://www.jenkins.io/security/reporting/
+Policy: https://github.com/jenkinsci/docker/security/policy
-Policy: https://www.jenkins.io/security/reporting/
+Policy: https://www.jenkins.io/security/reporting/
+Policy: https://github.com/jenkinsci/docker/blob/master/SECURITY.md
-Policy: https://www.jenkins.io/security/reporting/
+Policy: https://www.jenkins.io/security/reporting/
+Policy: https://github.com/jenkinsci/docker/security/policy
@@ -38,6 +38,7 @@
   extension Awestruct::Extensions::DataDir.new
 
   extension SolutionPage.new
+  extension WellKnown.new
   extension Releases.new
 
   extension UpgradeGuide.new

@@ -0,0 +1,11 @@
+require 'awestruct/page'
+
+# Workaround for . prefixed directories being ignored
+class WellKnown
+  def execute(site)
+    # TODO Make more generic, iterate over all files in the directory
+    page = site.engine.load_page("#{site.dir}/.well-known/security.txt")
+    page.output_path = "/.well-known/security.txt"
+    site.pages << page
+  end
+end