diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..0b65e5c --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,25 @@ +# Security Policy + +## Supported Versions + +This section lists the versions of the "Clang-Format Code Style Action for C++" project that are currently being supported with security updates. It's important to use supported versions to ensure the security of your project. + +| Version | Supported | +| ------- | ------------------ | +| 1.0.x | :white_check_mark: | + +## Reporting a Vulnerability + +If you believe you have found a security vulnerability in the "Clang-Format Code Style Action for C++", we encourage you to report it as soon as possible. Please follow these steps: + +1. **Do Not Publicly Disclose**: Do not disclose the vulnerability publicly or to any third parties. Public disclosure can put the entire community at risk. +2. **Report Privately**: Send your vulnerability report privately to [insert your preferred contact method - could be an email address, a secure form, etc.]. Please provide as much information about the vulnerability as possible, including steps to reproduce, potential impact, and suggested mitigation or remediation if available. +3. **Response Timeline**: Our maintainers take security seriously and will respond promptly, typically within 72 hours. We will review your report and work with you to understand and resolve the issue quickly. +4. **Acknowledgment**: If you wish, we will publicly acknowledge your responsible disclosure in our project updates, unless you prefer to remain anonymous. +5. **Updates on Resolution**: We will keep you informed about the progress of resolving the security issue you have reported. + +Remember, security is a top priority for us, and we appreciate your help in keeping our community safe. Thank you for your contribution to the security of the "Clang-Format Code Style Action for C++" project. + +--- + +Contributions to improve this action are always welcome! Feel free to open issues or submit pull requests for general improvements as well.
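Review bot: Step 2 under "Reporting a Vulnerability" still contains the template placeholder "[insert your preferred contact method - could be an email address, a secure form, etc.]", so a reporter has no private channel to use and the instruction in step 1 not to disclose publicly cannot be followed in practice. Replace the placeholder with a real contact before merging, for example a dedicated security e-mail address or a pointer to GitHub's private vulnerability reporting if it is enabled for the repository. The closing line that invites readers to "open issues or submit pull requests" should also state that security reports must not go through public issues, since it sits directly under the private-reporting steps and reads as contradicting them.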