
Docs: Add SECURITY.md security policy #162

Merged
zxiiro merged 1 commit into lfreleng-actions:main from modeseven-lfreleng-actions:chore/add-security-md on Jun 11, 2026

Conversation

@ModeSevenIndustrialSolutions (Contributor)

Summary

Adds a SECURITY.md security policy to this repository.

This addresses a medium-severity finding reported by the OpenSSF
Scorecard audit (the Security-Policy check), which flags repositories
that lack a published security policy.

The file is copied verbatim from the canonical version maintained in the
dependamerge
repository, ensuring a consistent security policy across the entire
organisation.

Changes

  • Add SECURITY.md (security policy and vulnerability reporting process)

Add a SECURITY.md security policy to address a medium-severity finding
from the OpenSSF Scorecard audit (Security-Policy check). The file is
copied verbatim from the canonical version maintained in the
dependamerge repository to ensure a consistent policy across the
organisation.

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Matthew Watkins <mwatkins@linuxfoundation.org>
@ModeSevenIndustrialSolutions ModeSevenIndustrialSolutions requested review from a team and Copilot June 11, 2026 11:26
@github-actions github-actions Bot added the documentation Improvements or additions to documentation label Jun 11, 2026
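The PR is motivated by the OpenSSF Scorecard Security-Policy check, so it helps to see roughly what that check looks for before merging a policy file. The script below is an added example, not code from lfreleng-actions, dependamerge, or Scorecard itself. It approximates the check as I understand it: a policy file in one of a few well-known locations, a contact channel (URL or e-mail), enough explanatory text, and a disclosure statement that carries a number such as a response window. The search paths, the point weights, the word-count threshold, and the two sample policies are all assumptions made for the example; the URLs and addresses in the samples are placeholders.

```python
"""Approximate the OpenSSF Scorecard Security-Policy check offline.

Added example; not the project's or Scorecard's code. Heuristics, weights,
thresholds and the sample policies are assumptions for illustration.
"""
import re
import tempfile
from pathlib import Path
from typing import Optional, Tuple

# Locations searched for a policy file (assumed; Scorecard also accepts
# .rst/.adoc variants, omitted here for brevity).
POLICY_PATHS = (".github/SECURITY.md", "SECURITY.md", "docs/SECURITY.md")

URL_RE = re.compile(r"https?://\S+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
NUMBER_RE = re.compile(r"\b\d+\b")
DISCLOSURE_WORDS = ("disclos", "vulnerab", "report", "respon")

# Assumed weights: contact channel, explanatory text, numeric timeline.
WEIGHT_CONTACT, WEIGHT_TEXT, WEIGHT_TIMELINE = 6, 3, 1
MIN_WORDS = 40  # assumed threshold for "says more than a bare link"


def find_policy(repo: Path) -> Optional[Path]:
    """Return the first policy file found in the assumed search order."""
    for rel in POLICY_PATHS:
        candidate = repo / rel
        if candidate.is_file():
            return candidate
    return None


def score_policy(text: str) -> dict:
    """Score policy text 0..10 using the assumed heuristics."""
    lowered = text.lower()
    has_contact = bool(URL_RE.search(text) or EMAIL_RE.search(text))
    has_text = len(text.split()) >= MIN_WORDS
    # A number counts as a timeline only next to disclosure vocabulary.
    has_timeline = bool(NUMBER_RE.search(text)) and any(
        word in lowered for word in DISCLOSURE_WORDS
    )
    score = 0
    if has_contact:
        score += WEIGHT_CONTACT
    if has_text:
        score += WEIGHT_TEXT
    if has_timeline:
        score += WEIGHT_TIMELINE
    return {
        "has_contact": has_contact,
        "has_text": has_text,
        "has_timeline": has_timeline,
        "score": score,
    }


def check_repo(repo: Path) -> dict:
    """Locate and score the policy file of a checked-out repository."""
    policy = find_policy(repo)
    if policy is None:
        return {"found": False, "score": 0}
    result = score_policy(policy.read_text(encoding="utf-8"))
    result["found"] = True
    result["path"] = policy.relative_to(repo).as_posix()
    return result


# Constructed sample policies (not the dependamerge file).
WEAK_POLICY = "# Security\n\nPlease be responsible.\n"

FULL_POLICY = """# Security Policy

## Supported Versions

Only the latest release on the main branch receives security fixes.

## Reporting a Vulnerability

Please do not open a public issue. Report privately through GitHub's
advisory form at https://github.com/example-org/example-repo/security/advisories/new
or, if that is unavailable, by e-mail to security@example.org.

## Response Process

We aim to acknowledge a report within 3 business days and to publish a
fix or a coordinated disclosure within 90 days of confirming the issue.
"""


def demo() -> Tuple[dict, dict, dict]:
    """Check an empty repo, a weak policy, and a full policy."""
    results = []
    for policy in (None, WEAK_POLICY, FULL_POLICY):
        with tempfile.TemporaryDirectory() as tmp:
            repo = Path(tmp)
            if policy is not None:
                (repo / ".github").mkdir()
                (repo / ".github" / "SECURITY.md").write_text(policy, encoding="utf-8")
            results.append(check_repo(repo))
    return results[0], results[1], results[2]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The weak sample shows why "a file exists" is not enough: it is found but scores zero because it names no contact channel and no response window. Copying a policy that already carries a private reporting URL, an e-mail fallback, and a numeric timeline, as this PR does, is what satisfies such a check.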

Copilot AI left a comment

Pull request overview

Adds a repository-level security policy (SECURITY.md) describing supported versions, private vulnerability reporting channels, and the expected response/disclosure process, to satisfy the OpenSSF Scorecard Security-Policy check.

Changes:

  • Add SECURITY.md security policy with supported versions guidance.
  • Document private reporting via GitHub advisories (preferred) and an email fallback.
  • Define a response process timeline and scope for security reports.


@zxiiro zxiiro (Contributor) left a comment

🤖 Dependamerge
Approved this pull request ✅

@zxiiro zxiiro merged commit 1db3e03 into lfreleng-actions:main Jun 11, 2026
26 checks passed
3 participants