andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-05-05 01:02:37 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

docs: add top-level Security Policy page across all languages

Browse Source 
Create a dedicated Security Policy page (docs/{en,pt-BR,ko,ar}/security.mdx)
with vulnerability reporting instructions pointing to the Bugcrowd VDP
(crewai-vdp-ess@submit.bugcrowd.com), consistent with the updated security
policy from PR #5096.

The page is added to the Documentation tab navigation (after Telemetry)
across all versions and languages in docs.json.

This is a top-level security page, not buried inside MCP docs.
This commit is contained in:
Iris Clawd
2026-03-26 17:50:56 +00:00
committed by Alex
parent 804c26bd01
commit e0887276c3
9 changed files with 309 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/en/mcp/security.mdx
View File

@@ -156,7 +156,19 @@ If you are developing an MCP server that CrewAI agents might connect to, conside
- **Adherence to MCP Authorization Spec**: If implementing authentication and authorization, strictly follow the [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) and relevant [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700).
- **Regular Security Audits**: If your MCP server handles sensitive data, performs critical operations, or is publicly exposed, consider periodic security audits by qualified professionals.
## 5. Further Reading
## 5. Reporting Security Vulnerabilities
If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
<Warning>
**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
</Warning>
For full details, see our [Security Policy](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
## 6. Further Reading
For more detailed information on MCP security, refer to the official documentation:
- **[MCP Transport Security](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**

22
docs/en/security.mdx Normal file
View File

@@ -0,0 +1,22 @@
---
title: Security Policy
description: Learn how to report security vulnerabilities and about CrewAI's security practices.
icon: shield
mode: "wide"
---
## Reporting Security Vulnerabilities
If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
<Warning>
**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
</Warning>
For full details, see our [Security Policy on GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
## Security Resources
- **[MCP Security Considerations](/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice.