安全和隐私¶
小技巧
在 Weblate,安全性维护一个重视用户隐私的环境。
Weblate 开发遵循`Linux 基金会核心基础架构计划的最佳实践。<https://bestpractices.coreinfrastructure.org/projects/552>`_。
Tracking dependencies for vulnerabilities¶
We do monitor security issues in our dependencies using Dependabot. This covers Python and JavaScript libraries and latest stable release should have adjusted dependencies to avoid vulnerabilities.
提示
There might be vulnerabilities in third-party libraries which do not affect Weblate, and we do not address these in a bugfix release.
Docker 容器安全¶
The Docker containers are scanned using Anchore and Trivy.
This allows us to detect vulnerabilities early and release an updated version of the container containing fixes.
You can get the results of these scans at GitHub - they are stored as artifacts on our CI as Static Analysis Results Interchange Format (SARIF).
参见