docs(security): extend security policy#1142
Conversation
Thanks for opening this pull request! Please check out our contributing guidelines! ⛰️
Force-pushed from 449089d to e8cd58a
Codecov Report: All modified and coverable lines are covered by tests ✅

Coverage diff (main vs. #1142):

@@            Coverage Diff             @@
##             main    #1142      +/-   ##
==========================================
- Coverage   40.09%   40.04%   -0.05%
==========================================
  Files          21       21
  Lines        1911     1911
==========================================
- Hits          766      765       -1
- Misses       1145     1146       +1
SECURITY.md
Outdated
| @@ -1,4 +1,6 @@ | |||
| # Security Policy | |||
| # Security Reporting | |||
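Review bot: the top-level heading is renamed from "# Security Policy" to "# Security Reporting", which narrows the document's title to one of its sections even though the hunk header (@@ -1,4 +1,6 @@) shows the file is growing, not being replaced, and a supported-versions section remains in it. Keep "# Security Policy" as the title and put the reporting instructions under a "##" section of their own, next to "## Supported Versions", so readers looking for the support window still find it under the original title.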
Should we maybe keep the old policy and add a new section as "Reporting" instead? I kinda find the previous page useful in terms of letting people know which versions of the project will support security updates.
Agree 100%, and it is still in; look in the diff under "## Supported Versions".
But let me know if it should be on top; right now it is the second heading.
Signed-off-by: Josef Andersson <[email protected]>
Force-pushed from e8cd58a to 8d10404
No, such a small contribution, but many thanks to you for git-cliff!! :) :)

Congrats on merging your first pull request! ⛰️
Description
This PR adds a SECURITY.md file, battle-tested in other projects and orgs (the construct is CC0, i.e. public domain, for example from here: https://raw.githubusercontent.com/itiquette/git-provider-sync/refs/heads/main/SECURITY.md, so just reuse it). I removed the (404) link to the advisory, as that information is more aimed at a developer/maintainer than at a user of the project.
Motivation and Context
A SECURITY.md would help anyone assessing the project for use, give a hint of how it handles critical non-public security issues, and give anyone clear instructions on how to report them non-publicly.
This policy basically says: "send your findings, we will see if we handle them, and we will notify you".
NOTE: there is a <...> in the text where the preferred channel for reporting should be added. I left that for you (or tell me what to add there, and I'll rebase with that).
Also, discussed in #1141
closes #1141
How Has This Been Tested?
In other projects, with similar texts.