Skip to content

Commit

Permalink
Create a security policy (#1091)
Browse files Browse the repository at this point in the history
We really should provide guidance on how to open a security
issue on Bandit itself.

Tidelift also requires a security policy document that they can
refer to and help coordinate for their customers.
  • Loading branch information
ericwb authored Jan 13, 2024
1 parent a78cafe commit c2bd6d6
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Security Policy

Bandit is a tool designed to find security issues, so every effort is made that Bandit itself is also
free of those issues. However, if you believe you have found a security vulnerability in this repository
please open it privately via the [Report a security vulnerability](https://github.com/PyCQA/bandit/security/advisories/new) link in the Issues tab.

**Please do not report security vulnerabilities through public issues, discussions, or pull requests.**

Please also inform the [Tidelift security](https://tidelift.com/security). Tidelift will help coordinate the fix and disclosure.

0 comments on commit c2bd6d6

Please sign in to comment.