Skip to content

Commit

Permalink
chore: set up a security policy
Browse files Browse the repository at this point in the history
  • Loading branch information
zavoloklom committed Sep 19, 2024
1 parent 4163c30 commit 8c220ac
Showing 1 changed file with 49 additions and 0 deletions.
49 changes: 49 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# Security Policy

## Supported Versions

We actively maintain and support the following versions of the project:

| Version | Supported |
|-----------|--------------------|
| `1.x.x` | :white_check_mark: |
| `< 1.0.0` | :x: |

Please make sure to update to the latest version to ensure you're using the most secure version of our software.

## Reporting a Vulnerability

If you find a vulnerability in our project, please report a security issue, please use the GitHub Security Advisory
["Report a Vulnerability"](https://github.com/zavoloklom/docker-compose-linter/security/advisories/new) tab.

Include as much information as possible about the vulnerability:

- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact of the vulnerability (e.g., data leak, privilege escalation).
- Any potential fixes or mitigation steps you've found.

We aim to respond to security reports within 48 hours and provide a timeline for addressing the issue within a week.

Once the issue is resolved, we will provide an acknowledgment in the release notes (unless you prefer to remain
anonymous).

## Security Best Practices

To help ensure the security of your usage of this project, we recommend the following:

- Always use the latest version of the software.
- Avoid using the `latest` tag when pulling images. Instead, specify exact versions.
- Regularly audit dependencies for security vulnerabilities.
- Follow the principle of least privilege when configuring access.

## Responsible Disclosure Policy

We follow a responsible disclosure policy to ensure that security vulnerabilities are handled appropriately. We ask that
you:

- Privately notify us of the issue before making any public disclosure.
- Allow a reasonable amount of time for us to address the vulnerability before you disclose it publicly.

We appreciate your contributions to making our project more secure. Thank you for working with us to protect the
community.

0 comments on commit 8c220ac

Please sign in to comment.