From 169e5b069697e4828a06f77a1d6bc52ad278a3a5 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 22 May 2026 10:31:17 +0000 Subject: [PATCH] Add SECURITY.md and CI lint workflow Adds a security policy with private vulnerability reporting instructions and a GitHub Actions lint workflow (ruff) that runs on PRs and pushes to main. https://claude.ai/code/session_017gtbUXurTwEU2f38478ptY --- .github/workflows/lint.yml | 23 +++++++++++++++++++++++ SECURITY.md | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 .github/workflows/lint.yml create mode 100644 SECURITY.md diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..baa0648 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,23 @@ +name: Lint + +on: + pull_request: + branches: [main] + push: + branches: [main] + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + python-version: "3.11" + + - name: Install ruff + run: pip install ruff + + - name: Run ruff + run: ruff check . diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..6c5687f --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,32 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +|---------|-----------| +| 0.1.x | ✅ | + +## Reporting a Vulnerability + +Please **do not** open a public GitHub issue for security vulnerabilities. + +Use one of these channels instead: + +- **GitHub private vulnerability reporting** (preferred): go to the + [Security tab](https://github.com/Botrops1/FusionConstraints/security/advisories/new) + and open a private advisory. +- **Email**: contact the maintainer directly (see profile). + +### What to include + +- Description of the vulnerability and potential impact +- Steps to reproduce or proof-of-concept +- Affected version(s) +- Any suggested fix if you have one + +### Response timeline + +- Acknowledgement within **48 hours** +- Assessment and fix timeline communicated within **7 days** + +Thank you for helping keep FusionConstraints users safe.
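Review bot: in `.github/workflows/lint.yml` the workflow declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository or organization has configured, although a lint job only needs to read the source. Add a top-level `permissions:` with `contents: read`. The same file pulls its tooling by mutable reference: `actions/checkout@v4` and `actions/setup-python@v5` are tags that can be moved, and `pip install ruff` installs whatever version is latest at run time. Pinning the two actions to full commit SHAs and ruff to an exact version (`pip install ruff==<version>`) keeps the lint result reproducible and keeps an upstream change from silently altering what runs in CI.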
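Review bot: in `SECURITY.md`, the Email channel under "Reporting a Vulnerability" reads "contact the maintainer directly (see profile)" and gives no address, so a reporter has nothing concrete to send to if the profile shows no public email. State a dedicated address in the file, or drop the bullet and keep the private advisory as the only channel. The preferred channel links to `/security/advisories/new`, which only accepts reports from outside contributors when private vulnerability reporting is enabled in the repository settings; that setting is worth confirming before this merges. The "Response timeline" section covers acknowledgement and assessment but not when or how a fix is disclosed publicly, and a sentence on that would tell reporters what to expect after the 7 days.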