ballerina-security-scope.md

Scope of the Ballerina Security Domain

Language security

• Security features (ex: @taint, @untaint etc.)
• Ballerina/Java code level security

Standard library security

• API security (ex: secure-socket API, authentication APIs, authorization APIs etc.)
• IAM security (ex: Basic Auth, JWT, OAuth2, etc.)
• Ballerina/Java code level security

Ballerina extended library security

• API security (ex: secure-socket API, authentication APIs, authorization APIs etc.)
• Ballerina/Java code level security

Distribution security

• Vulnerabilities of the 3rd party dependencies used for 1.2.x & Swan Lake releases

DevOps security

• GitHub actions/workflows security (ex: GitHub secrets, permissions etc.)

Website security

• Security aspects of the following websites:
  • ballerina.io
  • central.ballerina.io
  • lib.ballerina.io

Tooling security

• Security aspects of the following tooling components:
  • VS Code Extension
  • Update Tool
  • Ballerina Playground

Security concerns from community/customers

• Vulnerabilities of the 3rd party dependencies
• Vulnerabilities of the source code
• How to do kind of issues (mostly via Slack & StackOverflow)