diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..313aa99 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +## Supported Versions + +The matrix below shows which versions are currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 3.x.x | :white_check_mark: | +| < 3.0 | :x: | + +## Reporting a Vulnerability + +This project has Snyk and CodeQL configured on the workflow and running constantly to help prevent security vulnerabilities. However, if you were to find a vulnerability, please create a GitHub [issue](https://github.com/JoseLion/maybe/issues/new) explaining the problem. Adding as many details as possible will help to tackle the problem swiftly. + +Given the vulnerability report is accepted, it'll have a high priority to be worked next. A new version will be released as soon as the vulnerability fix is merged. If the vulnerability report is declined, you can expect a clear and logical explanation, but if you think the reasons are not right or not enough, feel free to leave a comment on the reported issue.