docs: add security policy #7

Merged: finallyjay merged 1 commit into main from docs/security, Apr 14, 2026

@finallyjay

Owner

Summary

  • Add SECURITY.md documenting how to privately report issues via GitHub advisories.
  • List supported versions, expected response timelines, and scope (in and out).
  • Satisfies the Security Policy item in GitHub's community health checklist.

Test plan

  • File renders on GitHub
  • Links to GitHub's advisory docs resolve
  • GitHub community profile shows Security Policy as present after merge

🤖 Generated with Claude Code

Document supported versions, the private reporting path via GitHub
advisories, expected response timelines, and what is in and out of
scope. Gives researchers a clear way to disclose issues without filing
public tickets.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 14, 2026 07:41

Copilot AI left a comment

Pull request overview

Adds a GitHub-compatible security policy document so users can privately report vulnerabilities and understand support/scope expectations.

Changes:

  • Introduces SECURITY.md with instructions for private vulnerability reporting via GitHub Security Advisories.
  • Documents supported versions, expected response timelines, and in-scope/out-of-scope security issues.

Comment thread SECURITY.md
Comment on lines +7 to +14
This project tracks a single active line. Only the latest release on the
`main` branch receives fixes. If you are running an older version, please
upgrade before reporting an issue.

| Version | Supported |
|---------|-----------|
| Latest `main` | Yes |
| Older tags | No |
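
Review bot: The last sentence of the paragraph, "please upgrade before reporting an issue", tells reporters on older versions to upgrade but does not say whether they should then confirm the issue still reproduces, or what to do if they cannot upgrade. Consider asking that reports state the version tested and whether the issue reproduces on the latest `main`, so that a real issue is not left unreported because the reporter stopped at the upgrade step.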

Copilot AI Apr 14, 2026

The wording here mixes “latest release” with “main branch” (releases are typically tags), and the table row label “Latest main” can be read ambiguously. Consider rephrasing to consistently describe the supported artifact (e.g., “latest commit on main” or “latest GitHub Release/tag only”) and align the table row to match.

Suggested change
This project tracks a single active line. Only the latest release on the
`main` branch receives fixes. If you are running an older version, please
upgrade before reporting an issue.
| Version | Supported |
|---------|-----------|
| Latest `main` | Yes |
| Older tags | No |
This project tracks a single active line. Only the latest commit on the
`main` branch receives fixes. If you are running an older commit or tag,
please upgrade before reporting an issue.
| Version | Supported |
|--------------------------|-----------|
| Latest commit on `main` | Yes |
| Older commits/tags | No |

@finallyjay finallyjay merged commit ce540c7 into main Apr 14, 2026
5 checks passed
@finallyjay finallyjay deleted the docs/security branch April 14, 2026 07:48