[PATCH] gitlab: update bug template for sec issues & tool assistance

[PATCH] gitlab: update bug template for sec issues & tool assistance

[Daniel P. Berrangé]

Warn that a security issue must have the "confidential" flag
set and that any findings from automated tools must be validated
before submission.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitlab/issue_templates/bug.md | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.gitlab/issue_templates/bug.md b/.gitlab/issue_templates/bug.md
index e20f586008..faeeb00225 100644
--- a/.gitlab/issue_templates/bug.md
+++ b/.gitlab/issue_templates/bug.md
@@ -13,8 +13,9 @@ older than this should be reported to the distribution instead.
 See https://www.qemu.org/contribute/report-a-bug/ for additional
 guidance.
 
-If this is a security issue, please consult
-https://www.qemu.org/contribute/security-process/
+If this is a security issue, ensure this ticket is marked 'confidential'
+before submission. See https://www.qemu.org/contribute/security-process/
+for additional guidance
 -->
 
 ## Host environment
@@ -49,6 +50,12 @@ https://www.qemu.org/contribute/security-process/
 2.
 3.
 
+<!--
+Note: if this issue was discovered with the assistance of automated
+tooling LLM, static analysis, fuzzers), the reporter must disclose
+that in the description. The steps to reproduce, and any other findings,
+must be fully validated by the user of the tool prior to submission.
+-->
 
 ## Additional information
 
-- 
2.54.0

Re: [PATCH] gitlab: update bug template for sec issues & tool assistance

[Alex Bennée]

Daniel P. Berrangé <berrange@redhat.com> writes:

> Warn that a security issue must have the "confidential" flag
> set and that any findings from automated tools must be validated
> before submission.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Queued to testing/next, thanks.
<snip>

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro