privacy.sexy/SECURITY.md
undergroundwires 3e5239f7d3 Add SAST security checks with SECURITY.md #178
This commit incorporates Static Analysis Security Testing (SAST) using
CodeQL. This integration will enforce consistent security assessments
with every change and on a predetermined schedule.

This commit also involves a restructure of security checks. The existing
security-checks workflow is renamed to better reflect its functionality
related to dependency audits.

These changes will enhance the project's resilience against potential
vulnerabilities in both the codebase and third-party dependencies.

Changes include:

- Remove older LGTM badge that's replaced by SAST checks.
- Rename `checks.security.yaml` to `checks.security.dependencies.yaml`,
  reinforcing the focus on dependency audits.
- Update `README.md`, ensuring the clear representation of security
  check statuses, including new SAST integration.
- Add new `SECURITY.md`, establishing the protocol for reporting
  vulnerabilities and outlining the project's commitment to robust
  security testing.
- Enhance `docs/tests.md` with detailed information on the newly
  integrated security checks.
- Add reference to SECURITY.md in README.md.
2023-09-28 15:19:09 +02:00


Security Policy

privacy.sexy takes security seriously. The project is committed to addressing all security issues with urgency, and responsible reporting of any discovered vulnerabilities is strongly encouraged.

Reporting a Vulnerability

Efforts to responsibly disclose findings are greatly appreciated. To report a security vulnerability, follow these steps:

Security Report Handling

Upon receipt of a security report, the following actions will be taken:

  • The report will be confirmed, identifying the affected components.
  • The impact and severity of the issue will be assessed.
  • Work on a fix will begin, and a release to address the vulnerability will be planned.
  • The reporter will be kept updated about the progress.

Testing

Regular and extensive testing is conducted to ensure robust security in the project. Information about testing practices can be found in the Testing Documentation.

Support

For additional assistance or any unanswered questions, submit a GitHub issue. Security concerns are a priority, and necessary support to address them is assured.


Active contributions to the safety and security of privacy.sexy are appreciated. This collaborative effort keeps the project resilient and trustworthy for all.