Merge pull request #48 from dabumana/security-policy

Create SECURITY.md
dabumana · Sep 19, 2023 · 92d7de2 · 92d7de2
2 parents a691fc8 + d5bc2e9
commit 92d7de2
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy
+### Repository Security Policy
+#### 1. Introduction
+This policy outlines the security measures and best practices to ensure the integrity and safety of our GitHub repository.
+#### 2. Access Control
+Collaborator Access: Only trusted individuals should be given collaborator access.
+Two-Factor Authentication (2FA): Enforce the use of 2FA for all collaborators.
+#### 3. Code Reviews
+All changes must go through a pull request and be approved by at least one other collaborator before being merged into the main branch.
+#### 4. Vulnerability Management
+Regularly use automated security features like Dependabot alerts and security advisories to identify vulnerable dependencies.
+Address identified vulnerabilities in a timely manner.
+#### 5. Branch Protection
+Protect the main branch to prevent direct pushes.
+Require status checks to pass before merging pull requests.
+#### 6. Secret Management
+Never commit sensitive data, like passwords or API keys, directly into the repository.
+Use GitHub secrets or environment variables for storing sensitive data.
+#### 7. Incident Response
+Have a plan in place for responding to security incidents, such as a detected breach or vulnerability.
+#### 8. Training and Awareness
+Ensure all collaborators are aware of this policy and have basic security awareness training.
+Remember, this is just a basic outline. Depending on the specifics of your project, you may need to add or modify sections. It’s always a good idea to consult with a security professional when creating a security policy.
+
+## Supported Versions
+
+Following versions will be supported for further issue resolution.
+
+| Version | Supported |
+| ------- | ------------------ |
+| < 1.0.x | :white_check_mark: |