Skip to content

chore: add SECURITY.md security policy#1

Open
jonathanubatech wants to merge 1 commit into
anuba:masterfrom
jonathanubatech:chore/add-security-md
Open

chore: add SECURITY.md security policy#1
jonathanubatech wants to merge 1 commit into
anuba:masterfrom
jonathanubatech:chore/add-security-md

Conversation

@jonathanubatech

Copy link
Copy Markdown

Summary

This PR adds a SECURITY.md security policy to the repository.

Context

An organization-wide security audit of Anuba's GitHub repositories found that this repository (Anuba/web) does not currently have a SECURITY.md file. A security policy is a GitHub-recommended best practice: it gives security researchers a clear, private channel to report vulnerabilities and sets expectations for response and disclosure.

What's included

The added SECURITY.md covers:

  • Supported versions — which versions receive security fixes.
  • How to report a vulnerability — via GitHub Private Vulnerability Reporting (preferred) or email, explicitly steering reports away from public issues.
  • Response process and timeline — acknowledgement and triage targets.
  • Coordinated disclosure policy — a 90-day responsible-disclosure window and contributor credit.

Notes for reviewers

  • The email contact is set to security@anuba.tech as a sensible default — please update it if a different security contact is preferred.
  • The GitHub advisory link assumes Private Vulnerability Reporting is enabled for the repo; you may want to enable it under Settings then Security so the link is active.

Opened as part of the Anuba security audit follow-up.

Adds a security policy documenting supported versions, private
vulnerability reporting channels, response timelines, and a coordinated
disclosure process. Created as part of an org-wide security audit that
found no SECURITY.md present in this repository.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant