Create SECURITY.md for security policy #81
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a security policy document outlining supported versions and vulnerability reporting. Signed-off-by: Matt <matt@mattwyen.me>
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds a security policy document to establish guidelines for vulnerability reporting and supported version information. The SECURITY.md file provides a standardized template for communicating security practices to the project community.
- Adds a new SECURITY.md file with security policy template
- Includes supported versions table with example version ranges
- Provides placeholder guidance for vulnerability reporting procedures
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Comment on lines
+5
to
+6
| Use this section to tell people about which versions of your project are | ||
| currently being supported with security updates. |
There was a problem hiding this comment.
This placeholder text should be replaced with actual project-specific information about supported versions and security update policies.
Suggested change
| Use this section to tell people about which versions of your project are | |
| currently being supported with security updates. | |
| The following table lists the versions of this project that currently receive security updates. Only the latest minor releases in each major version are supported; all earlier versions do not receive security updates. |
Comment on lines
+17
to
+21
| Use this section to tell people how to report a vulnerability. | ||
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or | ||
| declined, etc. |
There was a problem hiding this comment.
This placeholder text should be replaced with specific instructions for vulnerability reporting, including contact information, expected response times, and process details.
Suggested change
| Use this section to tell people how to report a vulnerability. | |
| Tell them where to go, how often they can expect to get an update on a | |
| reported vulnerability, what to expect if the vulnerability is accepted or | |
| declined, etc. | |
| If you discover a security vulnerability, please report it by emailing **security@example.com**. | |
| - We will acknowledge receipt of your report within **2 business days**. | |
| - You can expect a status update at least every **7 days** until the issue is resolved or closed. | |
| - We ask that you keep vulnerability details confidential until we have had a chance to address the issue. | |
| - If the vulnerability is accepted, we will work with you on a coordinated disclosure timeline. If declined, we will provide a clear explanation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a security policy document outlining supported versions and vulnerability reporting.