From 8f27e47007df51736a826c216a1bc7cc872cd707 Mon Sep 17 00:00:00 2001 From: Thomas Jung <12159356+jung-thomas@users.noreply.github.com> Date: Fri, 12 Jun 2026 11:14:29 -0400 Subject: [PATCH] chore: add SAP security policy and warn about ex6 typo - Add canonical SAP-samples SECURITY.md (V0.0.1, points to SAP Trust Center) - Add WARNING callout in exercises/ex6/README.md flagging upstream typo V_INTERATION -> V_INTERACTION in two screenshots of the linked tutorial. Fixes #32. --- SECURITY.md | 42 +++++++++++++++++++++++++++++++++++++++++ exercises/ex6/README.md | 3 +++ 2 files changed, 45 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b2e28e4 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,42 @@ + + +# SAP Open Source Security Policy + +SAP takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, including our primary [SAP](https://github.com/SAP),[SAP-samples](https://github.com/SAP-samples) ,[SAP-docs](https://github.com/SAP-docs) organizations as well as [our other GitHub organizations and projects](https://opensource.sap.com). + +If you believe you have found a security vulnerability in any SAP-owned repository, please report it to us as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them via the SAP Trust Center at [https://www.sap.com/about/trust-center/security/incident-management.html](https://www.sap.com/about/trust-center/security/incident-management.html). + +If you prefer to submit via email, please send an email to [secure@sap.com](mailto:secure@sap.com). If possible, encrypt your message with our PGP key; please download it from the [SAP Trust Center](https://www.sap.com/keyblock). + +Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: + + - The repository name or URL + - Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.) + - Full paths of the source file(s) related to the manifestation of the issue + - The location of the affected source code (tag/branch/commit or direct URL) + - Any particular configuration required to reproduce the issue + - Step-by-step instructions to reproduce the issue + - Proof-of-concept or exploit code (if possible) + - Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +## Preferred Languages + +We prefer all communications to be in English. 
+ +## Disclosure Guidelines + +We like to ask you to follow the [Disclosure Guidelines for SAP Security Advisories](https://wiki.scn.sap.com/wiki/display/PSR/Disclosure+Guidelines+for+SAP+Security+Advisories). + +## SAP Internal Response Process + +As an SAP employee, please check our internal open source security response process ([go/oss-security-response](https://go.sap.corp/oss-security-response)) for further details on how to handle security incidents. + + diff --git a/exercises/ex6/README.md b/exercises/ex6/README.md index 34c5b69..1a04b6d 100644 --- a/exercises/ex6/README.md +++ b/exercises/ex6/README.md @@ -4,6 +4,9 @@ In this exercise you will build your first SAP HANA Calculation View inside Busi Perform all the steps in 👉 [tutorial: Create Calculation View and Expose via CAP (SAP HANA Cloud)](https://developers.sap.com/tutorials/hana-cloud-cap-calc-view.html) +> [!WARNING] +> **Heads-up on a screenshot typo in the upstream tutorial.** A couple of screenshots in the tutorial show the artifact name as `V_INTERATION` (missing the second **C**). The correct name — used in the surrounding text, your CDS file, and every later step — is **`V_INTERACTION`**. When you create the Calculation View artifact, type `V_INTERACTION` regardless of what the screenshot shows. (Tracked upstream; this note will be removed once the screenshots are refreshed.) + ## Background ### What is a Calculation View?
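Review bot: In the SECURITY.md hunk, the e-mail reporting paragraph tells reporters to encrypt with a PGP key downloaded from https://www.sap.com/keyblock but states no key fingerprint, so a reporter has nothing to check the downloaded key against. Consider adding the fingerprint beside the link, or, if this file has to stay identical to the canonical SAP-samples policy named in the commit message, raising it against that canonical copy. Two smaller points in the same file: the organization list in the opening paragraph has uneven punctuation (`,[SAP-samples](https://github.com/SAP-samples) ,[SAP-docs]`), and "We like to ask you" under Disclosure Guidelines reads better as "We would like to ask you".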
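Review bot: In the exercises/ex6/README.md hunk, the last sentence of the WARNING callout says the typo is "Tracked upstream" and that the note will be removed once the screenshots are refreshed, but it links to no tracking item, so a later maintainer cannot tell when that removal condition has been met. Link the upstream report in that sentence, or at least the issue the commit message references as #32. It would also help to name the tutorial steps whose screenshots show `V_INTERATION`, so readers know where to expect the mismatch.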