
Add SECURITY.md file following GitHub's template #3535

Open

giabaow wants to merge 1 commit into iluwatar:master from giabaow:master


Conversation

@giabaow giabaow commented Jul 2, 2026


Adds a security policy to the repository to provide a clear path for reporting security vulnerabilities, including:

  • Supported versions information
  • Reporting instructions
  • Expected response times
  • Preferred communication channels

This addresses the lack of a documented security process noted in GHSA-85mx-2hxh-5r8p and provides maintainers with a clear framework for handling security reports.

Pull Request Template

What does this PR do?

This pull request adds a SECURITY.md file to establish a clear security reporting process for the java-design-patterns repository. The security policy provides:

  • Information about supported versions (main branch receives security updates)
  • Clear instructions for reporting security vulnerabilities via email (rather than public issues)
  • Expected response times (48-hour acknowledgment, 30-day fix target)
  • Preferred communication channels (English preferred)
  • A responsible disclosure policy following GitHub's recommended template

Why is this PR needed?

This addresses the lack of a documented security process identified in GHSA-85mx-2hxh-5r8p. As a widely-used learning resource with 94k+ stars, establishing a clear security reporting pathway helps:

  • Prevent accidental public disclosure of vulnerabilities through GitHub issues
  • Provide maintainers with a structured process for handling security reports
  • Set clear expectations for security reporters regarding response times
  • Improve overall security posture for the project's large user community

Checklist

  • Added SECURITY.md file following GitHub's recommended template
  • Included supported versions information
  • Provided clear reporting instructions (email to maintainers)
  • Set expectations for response and resolution times
  • Added responsible disclosure policy
  • Verified no existing SECURITY.md file existed
  • Ensured file is in repository root for GitHub to automatically display

Additional context

This security policy establishes a foundation for the project's security practices. As the project maintains, the policy can be updated over time based on community feedback and evolving security practices.

Adds a security policy to the repository to provide a clear path for
reporting security vulnerabilities, including:
- Supported versions information
- Reporting instructions
- Expected response times
- Preferred communication channels

This addresses the lack of a documented security process noted in
GHSA-85mx-2hxh-5r8p and provides maintainers with a clear framework
for handling security reports.

github-actions Bot commented Jul 2, 2026

PR Summary

Added a root-level SECURITY.md that establishes a clear, GitHub-style security reporting process for the repository. It lists supported versions, how to report vulnerabilities via email, expected acknowledgment and resolution timelines, preferred language, and a responsible disclosure policy. This documentation ensures responsible reporting and provides maintainers with a consistent workflow.

Changes

File: SECURITY.md
Summary: Added a root-level SECURITY.md following GitHub's template. It documents supported versions, how to report vulnerabilities via email, expected response times and fix timelines, preferred language, and the scope of the policy to guide responsible disclosure and improve project security posture.

autogenerated by presubmit.ai

@github-actions github-actions Bot left a comment


LGTM!

Review Summary

Commits Considered (1)
  • b07a390: Add SECURITY.md file following GitHub's template

Adds a security policy to the repository to provide a clear path for
reporting security vulnerabilities, including:

  • Supported versions information
  • Reporting instructions
  • Expected response times
  • Preferred communication channels

This addresses the lack of a documented security process noted in
GHSA-85mx-2hxh-5r8p and provides maintainers with a clear framework
for handling security reports.

Files Processed (1)
  • SECURITY.md (1 hunk)
Actionable Comments (0)
Skipped Comments (3)
  • SECURITY.md [16-16]

    security: "Use a dedicated security contact channel"

  • SECURITY.md [25-25]

    process: "SLA clarification for security reports"

  • SECURITY.md [49-49]

    maintainability: "Clarify issue routing for non-security questions"

codecov Bot commented Jul 2, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.25%. Comparing base (fcdf639) to head (b07a390).

Additional details and impacted files
@@             Coverage Diff              @@
##             master    #3535      +/-   ##
============================================
- Coverage     83.28%   83.25%   -0.04%     
- Complexity     4023     4029       +6     
============================================
  Files          1060     1060              
  Lines         14246    14246              
  Branches        686      686              
============================================
- Hits          11865    11860       -5     
- Misses         2094     2102       +8     
+ Partials        287      284       -3     

