Conversation

@jamesbhobbs
Contributor

@jamesbhobbs jamesbhobbs commented Oct 27, 2025

Add minimal SECURITY.md

Summary

Adds a minimal SECURITY.md file with essential security contact information. The file provides:

This keeps SECURITY.md as a stable pointer to the authoritative security policy, avoiding duplication of policy details that could become stale.

Changes

  • New file: SECURITY.md at repository root (5 lines)

Review Checklist


Link to Devin run: https://app.devin.ai/sessions/438185883eb74719998759b503cc47b5
Requested by: James Hobbs (james@deepnote.com) / @jamesbhobbs

Summary by CodeRabbit

  • Documentation
    • Added comprehensive security documentation to support the community. Includes vulnerability reporting procedures and guidelines, security team contact information for researchers and users, detailed encryption and PGP guidance for establishing secure communications channels, and relevant links to the complete security policy to enable safe and responsible vulnerability disclosure practices.

@devin-ai-integration

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@coderabbitai
Contributor

coderabbitai bot commented Oct 27, 2025

📝 Walkthrough

Introduces a SECURITY.md file at the repository root documenting the vulnerability reporting process. The file includes security contact details, instructions for reporting vulnerabilities, PGP encryption guidance, and references the complete security policy. This establishes a standardized channel for security disclosures.

Possibly related PRs

  • deepnote/deepnote#65: Adds the same SECURITY.md file with matching vulnerability reporting contact and PGP/security policy information.

Pre-merge checks

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title "docs: add minimal SECURITY.md" directly and clearly describes the primary change: adding a new SECURITY.md file to the repository. It uses conventional commit formatting, is concise, avoids vague terminology, and would be immediately understandable to someone scanning git history. The title accurately reflects the main objective of the PR without unnecessary detail or noise. |

@codecov

codecov bot commented Oct 27, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72%. Comparing base (4382e25) to head (5c52402).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@          Coverage Diff          @@
##            main    #122   +/-   ##
=====================================
  Coverage     72%     72%           
=====================================
  Files        536     536           
  Lines      40837   40837           
  Branches    4990    4990           
=====================================
  Hits       29596   29596           
  Misses      9578    9578           
  Partials    1663    1663           

@devin-ai-integration devin-ai-integration bot changed the title from "Add minimal SECURITY.md" to "docs: add minimal SECURITY.md" on Oct 27, 2025
@jamesbhobbs jamesbhobbs marked this pull request as ready for review October 27, 2025 15:39
@jamesbhobbs jamesbhobbs merged commit e22e13a into main Oct 27, 2025
13 checks passed
@jamesbhobbs jamesbhobbs deleted the devin/1761578558-add-security-md branch October 27, 2025 16:15