We (HackerOne) just released a new API endpoint to update the program policy page: https://api.hackerone.com/docs/v1#/programs/policy/update. I heard @kubernetes is interested in this, so I figured it would be good to you guys started.

Using the API endpoint should be fairly straightforward. You can set up an API token as described in the docs and start making API calls. If you don't want to test with your actual HackerOne program (as it logs all changes), you can create a test program via https://hackerone.com/teams/new.

The hardest part is catching the actual changes to https://github.com/kubernetes/security/blob/master/security-release-process.md#security-release-process and trigger an action. I saw Github started testing with Github Actions (https://github.com/features/actions) which might be an option. Otherwise, an after commit hook might be something that could work as well.

Please let me know if you have any questions or comments.

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@fejta-bot: Closing this issue.