Skip to content

docs: add a security policy (SECURITY.md)#91

Merged
Reefact merged 1 commit into
mainfrom
claude/security-policy
Jul 10, 2026
Merged

docs: add a security policy (SECURITY.md)#91
Reefact merged 1 commit into
mainfrom
claude/security-policy

Conversation

@Reefact

@Reefact Reefact commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Summary

Add a root SECURITY.md so the project has a published security policy: how to report a vulnerability privately, which versions are supported, what response to expect, and how coordinated disclosure works. GitHub surfaces it as the repository's security policy, and it satisfies the OpenSSF Scorecard Security-Policy check.

Type of change

  • Documentation

Changes

  • Add SECURITY.md at the repository root (a location GitHub recognizes, alongside README.md / CONTRIBUTING.md), covering:
    • Supported versions — security updates target the latest stable release.
    • Reporting a vulnerability — private reporting via GitHub security advisories (no public issues/PRs), with the information to include.
    • What to expect — acknowledgement and assessment timelines, and coordinated disclosure within 90 days when reasonable.
    • Scope — what does and does not qualify as a security vulnerability.
    • Disclosure process and recognition of reporters (no paid bounty program).

Testing

  • dotnet build FirstClassErrors.sln
  • dotnet test FirstClassErrors.sln
  • Analyzer tests pass (FirstClassErrors.Analyzers.UnitTests)

Not applicable — a single documentation file is added; no source is touched.

Documentation

  • No documentation change required — SECURITY.md is a repository policy file, not part of the library's user documentation under doc/, so no README or doc/ change is needed.

Related issues

Add a root SECURITY.md describing supported versions, private vulnerability
reporting via GitHub security advisories, response expectations, scope, the
coordinated-disclosure process, and reporter recognition. GitHub surfaces it as
the repository's security policy, and it satisfies the OpenSSF Scorecard
Security-Policy check.
@Reefact Reefact enabled auto-merge July 10, 2026 23:33
@Reefact Reefact merged commit 9a835b1 into main Jul 10, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants