Add SECURITY.md file following GitHub's template#3535
Adds a security policy to the repository to provide a clear path for reporting security vulnerabilities, including:
- Supported versions information
- Reporting instructions
- Expected response times
- Preferred communication channels
This addresses the lack of a documented security process noted in GHSA-85mx-2hxh-5r8p and provides maintainers with a clear framework for handling security reports.
PR Summary
Added a root-level SECURITY.md that establishes a clear, GitHub-style security reporting process for the repository. It lists supported versions, how to report vulnerabilities via email, expected acknowledgment and resolution timelines, preferred language, and a responsible disclosure policy. This documentation ensures responsible reporting and provides maintainers with a consistent workflow.
Changes
autogenerated by presubmit.ai
✅ LGTM!
Review Summary
Commits Considered (1)
- b07a390: Add SECURITY.md file following GitHub's template
Adds a security policy to the repository to provide a clear path for
reporting security vulnerabilities, including:
- Supported versions information
- Reporting instructions
- Expected response times
- Preferred communication channels
This addresses the lack of a documented security process noted in
GHSA-85mx-2hxh-5r8p and provides maintainers with a clear framework
for handling security reports.
Files Processed (1)
- SECURITY.md (1 hunk)
Actionable Comments (0)
Skipped Comments (3)
- SECURITY.md [16-16] security: "Use a dedicated security contact channel"
- SECURITY.md [25-25] process: "SLA clarification for security reports"
- SECURITY.md [49-49] maintainability: "Clarify issue routing for non-security questions"
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@             Coverage Diff              @@
##             master    #3535      +/-   ##
============================================
- Coverage     83.28%   83.25%   -0.04%
- Complexity     4023     4029       +6
============================================
  Files          1060     1060
  Lines         14246    14246
  Branches        686      686
============================================
- Hits          11865    11860       -5
- Misses         2094     2102       +8
+ Partials        287      284       -3
☔ View full report in Codecov by Harness.
Pull Request Template
What does this PR do?
This pull request adds a SECURITY.md file to establish a clear security reporting process for the java-design-patterns repository. The security policy provides:
Why is this PR needed?
This addresses the lack of a documented security process identified in GHSA-85mx-2hxh-5r8p. As a widely-used learning resource with 94k+ stars, establishing a clear security reporting pathway helps:
Checklist
Additional context
This security policy establishes a foundation for the project's security practices. As the project matures, the policy can be updated over time based on community feedback and evolving security practices.