From e7fde336dc79fee78ce7be7f7a5b2c9e3e32aae1 Mon Sep 17 00:00:00 2001 From: Ewen Quimerc'h <46993939+EwenQuim@users.noreply.github.com> Date: Fri, 13 Dec 2024 19:57:43 +0100 Subject: [PATCH] Added Security Policy (#269) --- Makefile | 2 +- SECURITY.md | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 SECURITY.md diff --git a/Makefile b/Makefile index 7d6ca163..1c245d57 100644 --- a/Makefile +++ b/Makefile @@ -37,7 +37,7 @@ lint: golangci-lint run ${FIX} ./... lint-markdown: - markdownlint --ignore documentation/node_modules --dot . + markdownlint ${FIX} --ignore documentation/node_modules --dot . # Update golden files golden-update: diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..eedd94c6 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,25 @@ +# Security Policy + +## Supported Versions + +The following table outlines which versions of Fuego are actively supported with security updates. Please ensure that you are using a supported version to benefit from the latest patches and improvements. + +| Version | Supported | +| ----------------------------------------------- | ---------------------- | +| 0.x.y (x being the latest version released) | :white_check_mark: Yes | +| 0.x.y (x being NOT the latest version released) | :x: No | + +## Reporting a Vulnerability + +Fuego relies on its community to ensure its security. Here is how to report a vulnerability: + +1. **Send a Pull Request (PR):** If possible, immediately send a PR addressing the vulnerability and tag the maintainers for a quick review. +2. **Dependency Issues:** For supply chain or dependency-related vulnerabilities, update the all modules with `make check-all-modules` and submit a PR. +3. **Direct Contact:** If you cannot send a PR or the issue requires further discussion, please contact the maintainers directly by email. + +### Important Notes + +- Please do not publicly disclose the vulnerability until it has been addressed and patched. +- We are committed to transparency and will publicly acknowledge reporters in the release notes unless requested otherwise. + +Your cooperation helps ensure Fuego remains a secure and reliable framework for everyone.
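Review bot: In the Makefile `lint-markdown` hunk, `${FIX}` is now expanded into the command lines of two different tools (`golangci-lint run ${FIX} ./...` and `markdownlint ${FIX} --ignore documentation/node_modules --dot .`), so whatever value FIX holds must be a flag both accept; if it expands to `--fix` both tools understand it, but any other value set for one linter will break the other target. Consider documenting that constraint where FIX is defined, or using a separate variable per tool.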
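Review bot: In the new SECURITY.md, step 1 of "Reporting a Vulnerability" (`**Send a Pull Request (PR):** If possible, immediately send a PR addressing the vulnerability`) asks reporters to open a public PR, which discloses the bug and its fix before a patch is released and contradicts the later note `Please do not publicly disclose the vulnerability until it has been addressed and patched.` Consider making private contact the first step and moving the PR to after the maintainers have been notified; step 3 (`please contact the maintainers directly by email`) also names no address, so a reporter has nowhere to send the report, and a dedicated mailbox or the repository's private vulnerability reporting channel should be stated there. Minor: step 2 reads `update the all modules`, which should be `update all modules`.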