セキュリティとプライバシー条項¶
ちなみに
Weblate では、セキュリティはユーザーのプライバシーを尊重する環境を維持します。
Weblate の開発は、`Linux Foundation の Core Infrastructure Initiative のベストプラクティス<https://bestpractices.coreinfrastructure.org/projects/552>`_ に従っています。
参考
Tracking dependencies for vulnerabilities¶
Security issues in our dependencies are monitored using Dependabot. This covers the Python and JavaScript libraries, and the latest stable release has its dependencies updated to avoid vulnerabilities.
ヒント
There might be vulnerabilities in third-party libraries which do not affect Weblate, so those are not addressed by releasing bugfix versions of Weblate.
Docker container security¶
The Docker containers are scanned using Anchore and Trivy.
This allows us to detect vulnerabilities early and release improvements quickly.
You can get the results of these scans at GitHub — they are stored as artifacts on our CI in the SARIF format (Static Analysis Results Interchange Format).