docs: add top-level Security Policy page across all languages

Create a dedicated Security Policy page (docs/{en,pt-BR,ko,ar}/security.mdx) with vulnerability reporting instructions pointing to the Bugcrowd VDP (crewai-vdp-ess@submit.bugcrowd.com), consistent with the updated security policy from PR #5096. The page is added to the Documentation tab navigation (after Telemetry) across all versions and languages in docs.json. This is a top-level security page, not buried inside MCP docs.
2026-03-27 06:08:16 +00:00 · 2026-03-26 17:55:27 +00:00
9 changed files with 309 additions and 5 deletions
--- a/docs/ar/mcp/security.mdx
+++ b/docs/ar/mcp/security.mdx
@@ -139,7 +139,19 @@ mode: "wide"
 - **الالتزام بمواصفات ترخيص MCP**: إذا كنت تنفذ المصادقة والترخيص، اتبع بدقة [مواصفات ترخيص MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization).
 - **تدقيقات أمنية منتظمة**: إذا كان خادم MCP يتعامل مع بيانات حساسة، فكر في إجراء تدقيقات أمنية دورية.

-## 5. قراءة إضافية
+## 5. الإبلاغ عن الثغرات الأمنية
+
+إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd:
+
+**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd.
+</Warning>
+
+لمزيد من التفاصيل، راجع [سياسة الأمان](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md) الخاصة بنا.
+
+## 6. قراءة إضافية

 لمزيد من المعلومات التفصيلية حول أمان MCP، راجع التوثيق الرسمي:
 - **[أمان نقل MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
--- a/docs/ar/security.mdx
+++ b/docs/ar/security.mdx
@@ -0,0 +1,22 @@
+---
+title: سياسة الأمان
+description: تعرف على كيفية الإبلاغ عن الثغرات الأمنية وممارسات الأمان في CrewAI.
+icon: shield
+mode: "wide"
+---
+
+## الإبلاغ عن الثغرات الأمنية
+
+إذا اكتشفت ثغرة أمنية في CrewAI، يرجى الإبلاغ عنها بشكل مسؤول من خلال برنامج الكشف عن الثغرات (VDP) الخاص بنا على Bugcrowd:
+
+**أرسل التقارير إلى:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+**لا تكشف** عن الثغرات عبر issues العامة على GitHub أو pull requests أو وسائل التواصل الاجتماعي. لن تتم مراجعة التقارير المقدمة عبر قنوات غير Bugcrowd.
+</Warning>
+
+لمزيد من التفاصيل، راجع [سياسة الأمان على GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
+
+## موارد الأمان
+
+- **[اعتبارات أمان MCP](/mcp/security)** — أفضل الممارسات لدمج خوادم MCP بأمان مع وكلاء CrewAI، بما في ذلك أمان النقل ومخاطر حقن الأوامر ونصائح تنفيذ الخادم.
--- a/docs/docs.json
+++ b/docs/docs.json
@@ -368,6 +368,12 @@
                    "pages": [
                      "en/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Security",
+                    "pages": [
+                      "en/security"
+                    ]
                  }
                ]
              },
@@ -837,6 +843,12 @@
                    "pages": [
                      "en/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Security",
+                    "pages": [
+                      "en/security"
+                    ]
                  }
                ]
              },
@@ -1306,6 +1318,12 @@
                    "pages": [
                      "en/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Security",
+                    "pages": [
+                      "en/security"
+                    ]
                  }
                ]
              },
@@ -1775,6 +1793,12 @@
                    "pages": [
                      "en/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Security",
+                    "pages": [
+                      "en/security"
+                    ]
                  }
                ]
              },
@@ -2243,6 +2267,12 @@
                    "pages": [
                      "en/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Security",
+                    "pages": [
+                      "en/security"
+                    ]
                  }
                ]
              },
@@ -2711,6 +2741,12 @@
                    "pages": [
                      "en/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Security",
+                    "pages": [
+                      "en/security"
+                    ]
                  }
                ]
              },
@@ -3180,6 +3216,12 @@
                    "pages": [
                      "en/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Security",
+                    "pages": [
+                      "en/security"
+                    ]
                  }
                ]
              },
@@ -3664,6 +3706,12 @@
                    "pages": [
                      "pt-BR/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Segurança",
+                    "pages": [
+                      "pt-BR/security"
+                    ]
                  }
                ]
              },
@@ -4118,6 +4166,12 @@
                    "pages": [
                      "pt-BR/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Segurança",
+                    "pages": [
+                      "pt-BR/security"
+                    ]
                  }
                ]
              },
@@ -4572,6 +4626,12 @@
                    "pages": [
                      "pt-BR/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Segurança",
+                    "pages": [
+                      "pt-BR/security"
+                    ]
                  }
                ]
              },
@@ -5026,6 +5086,12 @@
                    "pages": [
                      "pt-BR/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Segurança",
+                    "pages": [
+                      "pt-BR/security"
+                    ]
                  }
                ]
              },
@@ -5479,6 +5545,12 @@
                    "pages": [
                      "pt-BR/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Segurança",
+                    "pages": [
+                      "pt-BR/security"
+                    ]
                  }
                ]
              },
@@ -5932,6 +6004,12 @@
                    "pages": [
                      "pt-BR/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Segurança",
+                    "pages": [
+                      "pt-BR/security"
+                    ]
                  }
                ]
              },
@@ -6386,6 +6464,12 @@
                    "pages": [
                      "pt-BR/telemetry"
                    ]
+                  },
+                  {
+                    "group": "Segurança",
+                    "pages": [
+                      "pt-BR/security"
+                    ]
                  }
                ]
              },
@@ -6882,6 +6966,12 @@
                    "pages": [
                      "ko/telemetry"
                    ]
+                  },
+                  {
+                    "group": "보안",
+                    "pages": [
+                      "ko/security"
+                    ]
                  }
                ]
              },
@@ -7348,6 +7438,12 @@
                    "pages": [
                      "ko/telemetry"
                    ]
+                  },
+                  {
+                    "group": "보안",
+                    "pages": [
+                      "ko/security"
+                    ]
                  }
                ]
              },
@@ -7814,6 +7910,12 @@
                    "pages": [
                      "ko/telemetry"
                    ]
+                  },
+                  {
+                    "group": "보안",
+                    "pages": [
+                      "ko/security"
+                    ]
                  }
                ]
              },
@@ -8280,6 +8382,12 @@
                    "pages": [
                      "ko/telemetry"
                    ]
+                  },
+                  {
+                    "group": "보안",
+                    "pages": [
+                      "ko/security"
+                    ]
                  }
                ]
              },
@@ -8745,6 +8853,12 @@
                    "pages": [
                      "ko/telemetry"
                    ]
+                  },
+                  {
+                    "group": "보안",
+                    "pages": [
+                      "ko/security"
+                    ]
                  }
                ]
              },
@@ -9210,6 +9324,12 @@
                    "pages": [
                      "ko/telemetry"
                    ]
+                  },
+                  {
+                    "group": "보안",
+                    "pages": [
+                      "ko/security"
+                    ]
                  }
                ]
              },
@@ -9676,6 +9796,12 @@
                    "pages": [
                      "ko/telemetry"
                    ]
+                  },
+                  {
+                    "group": "보안",
+                    "pages": [
+                      "ko/security"
+                    ]
                  }
                ]
              },
@@ -10172,6 +10298,12 @@
                    "pages": [
                      "ar/telemetry"
                    ]
+                  },
+                  {
+                    "group": "الأمان",
+                    "pages": [
+                      "ar/security"
+                    ]
                  }
                ]
              },
@@ -10638,6 +10770,12 @@
                    "pages": [
                      "ar/telemetry"
                    ]
+                  },
+                  {
+                    "group": "الأمان",
+                    "pages": [
+                      "ar/security"
+                    ]
                  }
                ]
              },
@@ -11104,6 +11242,12 @@
                    "pages": [
                      "ar/telemetry"
                    ]
+                  },
+                  {
+                    "group": "الأمان",
+                    "pages": [
+                      "ar/security"
+                    ]
                  }
                ]
              },
@@ -11570,6 +11714,12 @@
                    "pages": [
                      "ar/telemetry"
                    ]
+                  },
+                  {
+                    "group": "الأمان",
+                    "pages": [
+                      "ar/security"
+                    ]
                  }
                ]
              },
@@ -12035,6 +12185,12 @@
                    "pages": [
                      "ar/telemetry"
                    ]
+                  },
+                  {
+                    "group": "الأمان",
+                    "pages": [
+                      "ar/security"
+                    ]
                  }
                ]
              },
@@ -12500,6 +12656,12 @@
                    "pages": [
                      "ar/telemetry"
                    ]
+                  },
+                  {
+                    "group": "الأمان",
+                    "pages": [
+                      "ar/security"
+                    ]
                  }
                ]
              },
@@ -12966,6 +13128,12 @@
                    "pages": [
                      "ar/telemetry"
                    ]
+                  },
+                  {
+                    "group": "الأمان",
+                    "pages": [
+                      "ar/security"
+                    ]
                  }
                ]
              },
@@ -13282,4 +13450,4 @@
      "reddit": "https://www.reddit.com/r/crewAIInc/"
    }
  }
-}
+}
--- a/docs/en/mcp/security.mdx
+++ b/docs/en/mcp/security.mdx
@@ -156,7 +156,19 @@ If you are developing an MCP server that CrewAI agents might connect to, conside
 - **Adherence to MCP Authorization Spec**: If implementing authentication and authorization, strictly follow the [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) and relevant [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700).
 - **Regular Security Audits**: If your MCP server handles sensitive data, performs critical operations, or is publicly exposed, consider periodic security audits by qualified professionals.

-## 5. Further Reading
+## 5. Reporting Security Vulnerabilities
+
+If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
+
+**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
+</Warning>
+
+For full details, see our [Security Policy](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
+
+## 6. Further Reading

 For more detailed information on MCP security, refer to the official documentation:
 - **[MCP Transport Security](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
--- a/docs/en/security.mdx
+++ b/docs/en/security.mdx
@@ -0,0 +1,22 @@
+---
+title: Security Policy
+description: Learn how to report security vulnerabilities and about CrewAI's security practices.
+icon: shield
+mode: "wide"
+---
+
+## Reporting Security Vulnerabilities
+
+If you discover a security vulnerability in CrewAI, please report it responsibly through our Bugcrowd Vulnerability Disclosure Program (VDP):
+
+**Submit reports to:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+**Do not** disclose vulnerabilities via public GitHub issues, pull requests, or social media. Reports submitted via channels other than Bugcrowd will not be reviewed.
+</Warning>
+
+For full details, see our [Security Policy on GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
+
+## Security Resources
+
+- **[MCP Security Considerations](/mcp/security)** — Best practices for securely integrating MCP servers with your CrewAI agents, including transport security, prompt injection risks, and server implementation advice.
--- a/docs/ko/mcp/security.mdx
+++ b/docs/ko/mcp/security.mdx
@@ -156,7 +156,19 @@ CrewAI 에이전트가 연결할 수 있는 MCP 서버를 개발하고 있다면
 - **MCP 인증 사양 준수**: 인증 및 권한 부여를 구현할 경우, [MCP Authorization specification](https://modelcontextprotocol.io/specification/draft/basic/authorization) 및 관련 [OAuth 2.0 security best practices](https://datatracker.ietf.org/doc/html/rfc9700)를 엄격히 준수하세요.
 - **정기적인 보안 감사**: MCP 서버가 민감한 데이터를 처리하거나, 중요한 작업을 수행하거나, 대외적으로 노출된 경우 자격을 갖춘 전문가의 정기적인 보안 감사를 고려하세요.

-## 5. 추가 참고 자료
+## 5. 보안 취약점 보고
+
+CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요:
+
+**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다.
+</Warning>
+
+자세한 내용은 [보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요.
+
+## 6. 추가 참고 자료

 MCP 보안에 대한 자세한 내용은 공식 문서를 참고하세요:
 - **[MCP 전송 보안](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
--- a/docs/ko/security.mdx
+++ b/docs/ko/security.mdx
@@ -0,0 +1,22 @@
+---
+title: 보안 정책
+description: CrewAI의 보안 취약점 보고 방법과 보안 관행에 대해 알아보세요.
+icon: shield
+mode: "wide"
+---
+
+## 보안 취약점 보고
+
+CrewAI에서 보안 취약점을 발견하셨다면, Bugcrowd 취약점 공개 프로그램(VDP)을 통해 책임감 있게 보고해 주세요:
+
+**보고서 제출:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+공개 GitHub 이슈, 풀 리퀘스트 또는 소셜 미디어를 통해 취약점을 공개하지 **마세요**. Bugcrowd 이외의 채널로 제출된 보고서는 검토되지 않습니다.
+</Warning>
+
+자세한 내용은 [GitHub 보안 정책](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md)을 참조하세요.
+
+## 보안 리소스
+
+- **[MCP 보안 고려사항](/mcp/security)** — MCP 서버를 CrewAI 에이전트와 안전하게 통합하기 위한 모범 사례로, 전송 보안, 프롬프트 인젝션 위험 및 서버 구현 권장 사항을 포함합니다.
--- a/docs/pt-BR/mcp/security.mdx
+++ b/docs/pt-BR/mcp/security.mdx
@@ -156,7 +156,19 @@ Se você está desenvolvendo um servidor MCP ao qual agentes CrewAI possam se co
 - **Aderência à Especificação de Autorização MCP**: Caso implemente autenticação e autorização, siga estritamente a [especificação de autorização MCP](https://modelcontextprotocol.io/specification/draft/basic/authorization) e as [melhores práticas de segurança OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc9700) relevantes.
 - **Auditorias de Segurança Regulares**: Caso seu servidor MCP manipule dados sensíveis, realize operações críticas ou seja exposto publicamente, considere auditorias de segurança periódicas conduzidas por profissionais qualificados.

-## 5. Leituras Adicionais
+## 5. Reportando Vulnerabilidades de Segurança
+
+Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd:
+
+**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados.
+</Warning>
+
+Para mais detalhes, consulte nossa [Política de Segurança](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
+
+## 6. Leituras Adicionais

 Para informações mais detalhadas sobre segurança MCP, consulte a documentação oficial:
 - **[Segurança de Transporte MCP](https://modelcontextprotocol.io/docs/concepts/transports#security-considerations)**
--- a/docs/pt-BR/security.mdx
+++ b/docs/pt-BR/security.mdx
@@ -0,0 +1,22 @@
+---
+title: Política de Segurança
+description: Saiba como reportar vulnerabilidades de segurança e sobre as práticas de segurança do CrewAI.
+icon: shield
+mode: "wide"
+---
+
+## Reportando Vulnerabilidades de Segurança
+
+Se você descobrir uma vulnerabilidade de segurança no CrewAI, por favor reporte de forma responsável através do nosso Programa de Divulgação de Vulnerabilidades (VDP) no Bugcrowd:
+
+**Envie relatórios para:** [crewai-vdp-ess@submit.bugcrowd.com](mailto:crewai-vdp-ess@submit.bugcrowd.com)
+
+<Warning>
+**Não** divulgue vulnerabilidades por meio de issues públicas no GitHub, pull requests ou redes sociais. Relatórios enviados por outros canais que não o Bugcrowd não serão analisados.
+</Warning>
+
+Para mais detalhes, consulte nossa [Política de Segurança no GitHub](https://github.com/crewAIInc/crewAI/blob/main/.github/security.md).
+
+## Recursos de Segurança
+
+- **[Considerações de Segurança MCP](/mcp/security)** — Melhores práticas para integrar servidores MCP com segurança aos seus agentes CrewAI, incluindo segurança de transporte, riscos de injeção de prompt e conselhos de implementação de servidor.