This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #48 from dabumana/security-policy
Create SECURITY.md
Showing 1 changed file with 31 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# Security Policy | ||
### Repository Security Policy | ||
#### 1. Introduction | ||
This policy outlines the security measures and best practices to ensure the integrity and safety of our GitHub repository. | ||
#### 2. Access Control | ||
Collaborator Access: Only trusted individuals should be given collaborator access. | ||
Two-Factor Authentication (2FA): Enforce the use of 2FA for all collaborators. | ||
#### 3. Code Reviews | ||
All changes must go through a pull request and be approved by at least one other collaborator before being merged into the main branch. | ||
#### 4. Vulnerability Management | ||
Regularly use automated security features like Dependabot alerts and security advisories to identify vulnerable dependencies. | ||
Address identified vulnerabilities in a timely manner. | ||
#### 5. Branch Protection | ||
Protect the main branch to prevent direct pushes. | ||
Require status checks to pass before merging pull requests. | ||
#### 6. Secret Management | ||
Never commit sensitive data, like passwords or API keys, directly into the repository. | ||
Use GitHub secrets or environment variables for storing sensitive data. | ||
#### 7. Incident Response | ||
Have a plan in place for responding to security incidents, such as a detected breach or vulnerability. | ||
#### 8. Training and Awareness | ||
Ensure all collaborators are aware of this policy and have basic security awareness training. | ||
Remember, this is just a basic outline. Depending on the specifics of your project, you may need to add or modify sections. It’s always a good idea to consult with a security professional when creating a security policy. | ||
|
||
## Supported Versions | ||
|
||
Following versions will be supported for further issue resolution. | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
| < 1.0.x | :white_check_mark: | |
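Review bot: The policy gives readers no way to report a vulnerability. Section 7 says only "Have a plan in place for responding to security incidents", and no contact or disclosure process appears anywhere in the file; state where reports should be sent and what response a reporter can expect. The closing paragraph under section 8 ("Remember, this is just a basic outline. ...") is advice to someone drafting a policy rather than policy text and should be dropped before merge. In sections 2, 4, 5 and 6 the consecutive lines carry no list markers and have no blank line between them, so as written they would render as one run-on paragraph; make each a bullet item. In the Supported Versions table, "< 1.0.x" leaves it unclear whether 1.0.x itself is covered, so name the supported range explicitly.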