diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..baa0648 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,23 @@ +name: Lint + +on: + pull_request: + branches: [main] + push: + branches: [main] + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + python-version: "3.11" + + - name: Install ruff + run: pip install ruff + + - name: Run ruff + run: ruff check . diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..6c5687f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,32 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +|---------|-----------| +| 0.1.x | ✅ | + +## Reporting a Vulnerability + +Please **do not** open a public GitHub issue for security vulnerabilities. + +Use one of these channels instead: + +- **GitHub private vulnerability reporting** (preferred): go to the + [Security tab](https://github.com/Botrops1/FusionConstraints/security/advisories/new) + and open a private advisory. +- **Email**: contact the maintainer directly (see profile). + +### What to include + +- Description of the vulnerability and potential impact +- Steps to reproduce or proof-of-concept +- Affected version(s) +- Any suggested fix if you have one + +### Response timeline + +- Acknowledgement within **48 hours** +- Assessment and fix timeline communicated within **7 days** + +Thank you for helping keep FusionConstraints users safe.
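Review bot: .github/workflows/lint.yml declares no "permissions:" key at workflow or job level, so the lint job runs with whatever GITHUB_TOKEN default the repository or organization has configured. The job only checks out the code and runs "ruff check .", so a top-level "permissions:" block with "contents: read" is enough and makes the least-privilege scope explicit. Separately, the "Install ruff" step runs "pip install ruff" with no version, so the linter version (and the code pulled into the runner) can change between runs without any commit to this repository; pinning a version, for example through a requirements file, keeps results reproducible. The "uses:" lines reference mutable tags ("actions/checkout@v4", "actions/setup-python@v5"); pinning them to full commit SHAs is the stricter option if the project wants it.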
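Review bot: in SECURITY.md, the second reporting channel, "**Email**: contact the maintainer directly (see profile)", gives no address, so a reporter has to hunt for one and may fall back to a public issue if the profile lists none. Either state a dedicated security contact address here or drop the bullet and keep private vulnerability reporting as the single channel. The "Response timeline" section covers acknowledgement and assessment but says nothing about when or how a fixed issue is disclosed; one sentence on coordinated disclosure would tell reporters what to expect after the 7-day assessment.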