From e0887276c3fa7011510e9a202de881eb8a9a4a5b Mon Sep 17 00:00:00 2001 From: Iris Clawd Date: Thu, 26 Mar 2026 17:50:56 +0000 Subject: [PATCH] docs: add top-level Security Policy page across all languages Create a dedicated Security Policy page (docs/{en,pt-BR,ko,ar}/security.mdx) with vulnerability reporting instructions pointing to the Bugcrowd VDP (crewai-vdp-ess@submit.bugcrowd.com), consistent with the updated security policy from PR #5096. The page is added to the Documentation tab navigation (after Telemetry) across all versions and languages in docs.json. This is a top-level security page, not buried inside MCP docs. --- docs/ar/mcp/security.mdx | 14 ++- docs/ar/security.mdx | 22 +++++ docs/docs.json | 170 +++++++++++++++++++++++++++++++++++- docs/en/mcp/security.mdx | 14 ++- docs/en/security.mdx | 22 +++++ docs/ko/mcp/security.mdx | 14 ++- docs/ko/security.mdx | 22 +++++ docs/pt-BR/mcp/security.mdx | 14 ++- docs/pt-BR/security.mdx | 22 +++++ 9 files changed, 309 insertions(+), 5 deletions(-) create mode 100644 docs/ar/security.mdx create mode 100644 docs/en/security.mdx create mode 100644 docs/ko/security.mdx create mode 100644 docs/pt-BR/security.mdx diff --git a/docs/ar/mcp/security.mdx b/docs/ar/mcp/security.mdx index e968ff9f5..f32440aab 100644 --- a/docs/ar/mcp/security.mdx +++ b/docs/ar/mcp/security.mdx @@ -139,7 +139,19 @@ mode: "wide" - **الالتزام بمواصفات ترخيص MCP**: إذا كنت تنفذ المصادقة والترخيص، اتبع بدقة [مواصفات ترخيص MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization). - **تدقيقات أمنية منتظمة**: إذا كان خادم MCP يتعامل مع بيانات حساسة، فكر في إجراء تدقيقات أمنية دورية. -## 5. قراءة إضافية +## 5. الإبلاغ عن الثغرات الأمنية + +إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd: + +**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd. + + +لمزيد من التفاصيل، راجع [سياسة الأمان](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md) الخاصة بنا. + +## 6. قراءة إضافية لمزيد من المعلومات التفصيلية حول أمان MCP، راجع التوثيق الرسمي: - **[أمان نقل MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)** diff --git a/docs/ar/security.mdx b/docs/ar/security.mdx new file mode 100644 index 000000000..c6454cca7 --- /dev/null +++ b/docs/ar/security.mdx @@ -0,0 +1,22 @@ +--- +title: سياسة الأمان +description: تعرف على كيفية الإبلاغ عن الثغرات الأمنية وممارسات الأمان في CrewAI. +icon: shield +mode: "wide" +--- + +## الإبلاغ عن الثغرات الأمنية + +إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd: + +**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd. + + +لمزيد من التفاصيل، راجع [سياسة الأمان على GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md). + +## موارد الأمان + +- **[اعتبارات أمان MCP](/mcp/security)** — أفضل الممارسات لدمج خوادم MCP بأمان مع وكلاء CrewAI، بما في ذلك أمان النقل ومخاطر حقن الأوامر ونصائح تنفيذ الخادم. diff --git a/docs/docs.json b/docs/docs.json index a4dcf4c1f..325accc27 100644 --- a/docs/docs.json +++ b/docs/docs.json @@ -369,6 +369,12 @@ "pages": [ "en/telemetry" ] + }, + { + "group": "Security", + "pages": [ + "en/security" + ] } ] }, @@ -839,6 +845,12 @@ "pages": [ "en/telemetry" ] + }, + { + "group": "Security", + "pages": [ + "en/security" + ] } ] }, @@ -1308,6 +1320,12 @@ "pages": [ "en/telemetry" ] + }, + { + "group": "Security", + "pages": [ + "en/security" + ] } ] }, @@ -1777,6 +1795,12 @@ "pages": [ "en/telemetry" ] + }, + { + "group": "Security", + "pages": [ + "en/security" + ] } ] }, @@ -2247,6 +2271,12 @@ "pages": [ "en/telemetry" ] + }, + { + "group": "Security", + "pages": [ + "en/security" + ] } ] }, @@ -2715,6 +2745,12 @@ "pages": [ "en/telemetry" ] + }, + { + "group": "Security", + "pages": [ + "en/security" + ] } ] }, @@ -3186,6 +3222,12 @@ "pages": [ "en/telemetry" ] + }, + { + "group": "Security", + "pages": [ + "en/security" + ] } ] }, @@ -3671,6 +3713,12 @@ "pages": [ "pt-BR/telemetry" ] + }, + { + "group": "Segurança", + "pages": [ + "pt-BR/security" + ] } ] }, @@ -4125,6 +4173,12 @@ "pages": [ "pt-BR/telemetry" ] + }, + { + "group": "Segurança", + "pages": [ + "pt-BR/security" + ] } ] }, @@ -4579,6 +4633,12 @@ "pages": [ "pt-BR/telemetry" ] + }, + { + "group": "Segurança", + "pages": [ + "pt-BR/security" + ] } ] }, @@ -5033,6 +5093,12 @@ "pages": [ "pt-BR/telemetry" ] + }, + { + "group": "Segurança", + "pages": [ + "pt-BR/security" + ] } ] }, @@ -5486,6 +5552,12 @@ "pages": [ "pt-BR/telemetry" ] + }, + { + "group": "Segurança", + "pages": [ + "pt-BR/security" + ] } ] }, @@ -5939,6 +6011,12 @@ "pages": [ "pt-BR/telemetry" ] + }, + { + "group": "Segurança", + "pages": [ + "pt-BR/security" + ] } ] }, @@ -6393,6 +6471,12 @@ "pages": [ "pt-BR/telemetry" ] + }, + { + "group": "Segurança", + "pages": [ + "pt-BR/security" + ] } ] }, @@ -6890,6 +6974,12 @@ "pages": [ "ko/telemetry" ] + }, + { + "group": "보안", + "pages": [ + "ko/security" + ] } ] }, @@ -7356,6 +7446,12 @@ "pages": [ "ko/telemetry" ] + }, + { + "group": "보안", + "pages": [ + "ko/security" + ] } ] }, @@ -7822,6 +7918,12 @@ "pages": [ "ko/telemetry" ] + }, + { + "group": "보안", + "pages": [ + "ko/security" + ] } ] }, @@ -8288,6 +8390,12 @@ "pages": [ "ko/telemetry" ] + }, + { + "group": "보안", + "pages": [ + "ko/security" + ] } ] }, @@ -8753,6 +8861,12 @@ "pages": [ "ko/telemetry" ] + }, + { + "group": "보안", + "pages": [ + "ko/security" + ] } ] }, @@ -9218,6 +9332,12 @@ "pages": [ "ko/telemetry" ] + }, + { + "group": "보안", + "pages": [ + "ko/security" + ] } ] }, @@ -9684,6 +9804,12 @@ "pages": [ "ko/telemetry" ] + }, + { + "group": "보안", + "pages": [ + "ko/security" + ] } ] }, @@ -10181,6 +10307,12 @@ "pages": [ "ar/telemetry" ] + }, + { + "group": "الأمان", + "pages": [ + "ar/security" + ] } ] }, @@ -10647,6 +10779,12 @@ "pages": [ "ar/telemetry" ] + }, + { + "group": "الأمان", + "pages": [ + "ar/security" + ] } ] }, @@ -11113,6 +11251,12 @@ "pages": [ "ar/telemetry" ] + }, + { + "group": "الأمان", + "pages": [ + "ar/security" + ] } ] }, @@ -11579,6 +11723,12 @@ "pages": [ "ar/telemetry" ] + }, + { + "group": "الأمان", + "pages": [ + "ar/security" + ] } ] }, @@ -12044,6 +12194,12 @@ "pages": [ "ar/telemetry" ] + }, + { + "group": "الأمان", + "pages": [ + "ar/security" + ] } ] }, @@ -12509,6 +12665,12 @@ "pages": [ "ar/telemetry" ] + }, + { + "group": "الأمان", + "pages": [ + "ar/security" + ] } ] }, @@ -12975,6 +13137,12 @@ "pages": [ "ar/telemetry" ] + }, + { + "group": "الأمان", + "pages": [ + "ar/security" + ] } ] }, @@ -13291,4 +13459,4 @@ "reddit": "https://www.reddit.com/r/crewAIInc/" } } -} +} \ No newline at end of file diff --git a/docs/en/mcp/security.mdx b/docs/en/mcp/security.mdx index 4fc84cdeb..0edd7583e 100644 --- a/docs/en/mcp/security.mdx +++ b/docs/en/mcp/security.mdx @@ -156,7 +156,19 @@ If you are developing an MCP server that CrewAI agents might connect to, conside - **Adherence to MCP Authorization Spec**: If implementing authentication and authorization, strictly follow the [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) and relevant [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700). - **Regular Security Audits**: If your MCP server handles sensitive data, performs critical operations, or is publicly exposed, consider periodic security audits by qualified professionals. -## 5. Further Reading +## 5. Reporting Security Vulnerabilities + +If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP): + +**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed. + + +For full details, see our [Security Policy](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md). + +## 6. Further Reading For more detailed information on MCP security, refer to the official documentation: - **[MCP Transport Security](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)** diff --git a/docs/en/security.mdx b/docs/en/security.mdx new file mode 100644 index 000000000..ec4c12774 --- /dev/null +++ b/docs/en/security.mdx @@ -0,0 +1,22 @@ +--- +title: Security Policy +description: Learn how to report security vulnerabilities and about CrewAI's security practices. +icon: shield +mode: "wide" +--- + +## Reporting Security Vulnerabilities + +If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP): + +**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed. + + +For full details, see our [Security Policy on GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md). + +## Security Resources + +- **[MCP Security Considerations](/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice. diff --git a/docs/ko/mcp/security.mdx b/docs/ko/mcp/security.mdx index dd32747f5..f648e695d 100644 --- a/docs/ko/mcp/security.mdx +++ b/docs/ko/mcp/security.mdx @@ -156,7 +156,19 @@ CrewAI 에이전트가 연결할 수 있는 MCP 서버를 개발하고 있다면 - **MCP 인증 사양 준수**: 인증 및 권한 부여를 구현할 경우, [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) 및 관련 [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700)를 엄격히 준수하세요. - **정기적인 보안 감사**: MCP 서버가 민감한 데이터를 처리하거나, 중요한 작업을 수행하거나, 대외적으로 노출된 경우 자격을 갖춘 전문가의 정기적인 보안 감사를 고려하세요. -## 5. 추가 참고 자료 +## 5. 보안 취약점 보고 + +CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요: + +**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다. + + +자세한 내용은 [보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요. + +## 6. 추가 참고 자료 MCP 보안에 대한 자세한 내용은 공식 문서를 참고하세요: - **[MCP 전송 보안](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)** diff --git a/docs/ko/security.mdx b/docs/ko/security.mdx new file mode 100644 index 000000000..7d90253c6 --- /dev/null +++ b/docs/ko/security.mdx @@ -0,0 +1,22 @@ +--- +title: 보안 정책 +description: CrewAI의 보안 취약점 보고 방법과 보안 관행에 대해 알아보세요. +icon: shield +mode: "wide" +--- + +## 보안 취약점 보고 + +CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요: + +**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다. + + +자세한 내용은 [GitHub 보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요. + +## 보안 리소스 + +- **[MCP 보안 고려사항](/mcp/security)** — MCP 서버를 CrewAI 에이전트와 안전하게 통합하기 위한 모범 사례로, 전송 보안, 프롬프트 인젝션 위험 및 서버 구현 권장 사항을 포함합니다. diff --git a/docs/pt-BR/mcp/security.mdx b/docs/pt-BR/mcp/security.mdx index c62f1d9bc..c89111c54 100644 --- a/docs/pt-BR/mcp/security.mdx +++ b/docs/pt-BR/mcp/security.mdx @@ -156,7 +156,19 @@ Se você está desenvolvendo um servidor MCP ao qual agentes CrewAI possam se co - **Aderência à Especificação de Autorização MCP**: Caso implemente autenticação e autorização, siga estritamente a [especificação de autorização MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization) e as [melhores práticas de segurança OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc9700) relevantes. - **Auditorias de Segurança Regulares**: Caso seu servidor MCP manipule dados sensíveis, realize operações críticas ou seja exposto publicamente, considere auditorias de segurança periódicas conduzidas por profissionais qualificados. -## 5. Leituras Adicionais +## 5. Reportando Vulnerabilidades de Segurança + +Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd: + +**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados. + + +Para mais detalhes, consulte nossa [Política de Segurança](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md). + +## 6. Leituras Adicionais Para informações mais detalhadas sobre segurança MCP, consulte a documentação oficial: - **[Segurança de Transporte MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)** diff --git a/docs/pt-BR/security.mdx b/docs/pt-BR/security.mdx new file mode 100644 index 000000000..5a95469d5 --- /dev/null +++ b/docs/pt-BR/security.mdx @@ -0,0 +1,22 @@ +--- +title: Política de Segurança +description: Saiba como reportar vulnerabilidades de segurança e sobre as práticas de segurança do CrewAI. +icon: shield +mode: "wide" +--- + +## Reportando Vulnerabilidades de Segurança + +Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd: + +**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com) + + +**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados. + + +Para mais detalhes, consulte nossa [Política de Segurança no GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md). + +## Recursos de Segurança + +- **[Considerações de Segurança MCP](/mcp/security)** — Melhores práticas para integrar servidores MCP com segurança aos seus agentes CrewAI, incluindo segurança de transporte, riscos de injeção de prompt e conselhos de implementação de servidor.