07ce689a8c
- dependabot.yml: automated updates for GitHub Actions and Go modules - CODEOWNERS: auto-assign reviewers by path - SECURITY.md: vulnerability reporting policy - ISSUE_TEMPLATE/: structured bug reports and feature requests - PULL_REQUEST_TEMPLATE.md: PR checklist Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
32 lines
906 B
Markdown
32 lines
906 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| dev | :white_check_mark: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
**Please do not report security vulnerabilities through public GitHub issues.**
|
|
|
|
Instead, please report them via email to: **security@host.uk.com**
|
|
|
|
Include:
|
|
- Description of the vulnerability
|
|
- Steps to reproduce
|
|
- Potential impact
|
|
- Any suggested fixes (optional)
|
|
|
|
You should receive a response within 48 hours. If the issue is confirmed, we will:
|
|
1. Work on a fix privately
|
|
2. Release a patch
|
|
3. Credit you in the release notes (unless you prefer anonymity)
|
|
|
|
## Security Best Practices
|
|
|
|
When contributing to this repository:
|
|
- Never commit secrets, API keys, or credentials
|
|
- Use environment variables for sensitive configuration
|
|
- Review dependencies for known vulnerabilities
|
|
- Follow the principle of least privilege in scripts
|