Create a SECURITY_CONTACTS file #143

Closed
k8s-triage-robot opened this issue Feb 2, 2022 · 14 comments · Fixed by #153

@k8s-triage-robot

Kubernetes Community repositories must include a
SECURITY_CONTACTS file to define points of contact that can assist with
triaging security issues when requested by the Security Response Committee.

The template for the file can be found in the kubernetes-template-project.

This issue will periodically comment with reminders until SECURITY_CONTACTS has
been created.

To report any issues with this tool, see here.

@tallclair
Member

/assign @sfowl

What's the status of migrating away from SECURITY_CONTACTS? We should probably disable this bot check for the file.

@k8s-ci-robot
Contributor

@tallclair: GitHub didn't allow me to assign the following users: sfowl.

Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @sfowl

What's the status of migrating away from SECURITY_CONTACTS? We should probably disable this bot check for the file.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-triage-robot
Author

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

@sfowl
Contributor

sfowl commented Feb 10, 2022

@tallclair the migration stalled some time ago, I wasn't able to get the proposed changes in, e.g.

kubernetes/community#5398

I could possibly revisit it if there's still enough interest. I would most likely start again from scratch, it ended up being more difficult than I first thought.

@tallclair
Member

tallclair commented Feb 11, 2022

(also responded on slack)
Regarding picking the change back up, I'd recommend splitting it into 2 independent tasks:

  1. Add a security_contacts field to OWNERS with just the github handle, and migrate the existing SECURITY_CONTACTS files over.
  2. Adding in additional contact information

I think the second task is where this stalled last time around, but IMO even just #1 would be useful clean up

@k8s-triage-robot
Author

kubernetes/committee-security-response still needs a SECURITY_CONTACTS file.
/assign @tallclair @joelsmith @cjcullen @liggitt @tabbysable

@k8s-triage-robot
Author

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

7 similar comments


8 participants