From 8b9e967295da1fe9b51183cad21b2a5acd22f29f Mon Sep 17 00:00:00 2001
From: JiaJia Ji <kingjia90@gmail.com>
Date: Mon, 29 Apr 2024 13:59:33 +0200
Subject: [PATCH] [Task]: Update SECURITY.md  (#65)

* Created stale.yml bot

* Create cla-check.yaml

* Update SECURITY.md

---------

Co-authored-by: Shonster88 <nebojsa.ilic@pimcore.com>
---
 .github/workflows/cla-check.yaml | 14 ++++++++++++++
 .github/workflows/stale.yml      | 10 ++++++++++
 SECURITY.md                      |  5 +++--
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/cla-check.yaml
 create mode 100644 .github/workflows/stale.yml

diff --git a/.github/workflows/cla-check.yaml b/.github/workflows/cla-check.yaml
new file mode 100644
index 0000000..2c7cc9d
--- /dev/null
+++ b/.github/workflows/cla-check.yaml
@@ -0,0 +1,14 @@
+name: CLA check
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened, closed, synchronize]
+
+jobs:
+  cla-workflow:
+    uses: pimcore/workflows-collection-public/.github/workflows/reusable-cla-check.yaml@v1.3.0
+    if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+    secrets:
+      CLA_ACTION_ACCESS_TOKEN: ${{ secrets.CLA_ACTION_ACCESS_TOKEN }}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..553c3b5
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,10 @@
+name: Handle stale issues
+
+on:
+  workflow_dispatch:
+  schedule:
+      - cron: '37 7 * * *'
+
+jobs:
+  call-stale-workflow:
+    uses: pimcore/workflows-collection-public/.github/workflows/stale.yml@v1.1.0
diff --git a/SECURITY.md b/SECURITY.md
index 6b6917f..15268a0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,7 +4,9 @@
 
 If you think that you have found a security issue, 
 don’t use the bug tracker and don’t publish it publicly. 
-Instead, all security issues must be reported via 📫 to [security-issue@pimcore.com](mailto:security-issue@pimcore.com).
+Instead, all security issues must be reported via a private vulnerability report.
+
+Please follow the [instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) to submit a private report.
 
 
 ## Resolving Process
@@ -18,4 +20,3 @@ Every submitted security issue is handled with top priority by following these s
 6. Patch reviewing 
 7. Tagging a new release for supported versions
 8. Publish security announcement
-