Updating docs for security, fuzz, codeql, gosec
Signed-off-by: Matt Farina <matt@mattfarina.com>
mattfarina committed Apr 10, 2023
1 parent e485a0d commit 36ea773
Showing 2 changed files with 33 additions and 0 deletions.
14 changes: 14 additions & 0 deletions README.md
Expand Up @@ -18,6 +18,8 @@ If you are looking for a command line tool for version comparisons please see

## Package Versions

Note, import `github.com/github.com/Masterminds/semver/v3` to use the latest version.

There are three major versions fo the `semver` package.

* 3.x.x is the stable and active version. This version is focused on constraint
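Review bot: the import path in the new note, `github.com/github.com/Masterminds/semver/v3`, repeats `github.com/` and will not resolve with `go get`; it should read `github.com/Masterminds/semver/v3`. In the same hunk, "three major versions fo the `semver` package" should be "of the". Both are in text a reader is likely to copy, so worth fixing before merge.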
Expand Down Expand Up @@ -242,3 +244,15 @@ for _, m := range msgs {

If you find an issue or want to contribute please file an [issue](https://github.com/Masterminds/semver/issues)
or [create a pull request](https://github.com/Masterminds/semver/pulls).

## Security

Security is an important consideration for this project. The project currently
uses the following tools to help discover security issues:

* [CodeQL](https://github.com/Masterminds/semver)
* [gosec](https://github.com/securego/gosec)
* Daily Fuzz testing

If you believe you have found a security vulnerability you can privately disclose
it through the [GitHub security page](https://github.com/Masterminds/semver/security).
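Review bot: the CodeQL bullet links to the repository root (`https://github.com/Masterminds/semver`) rather than to CodeQL itself or to the workflow that runs it, so a reader cannot tell where the scans live; point it at the CodeQL workflow file or at the CodeQL project page, as the gosec bullet does for gosec. "Daily Fuzz testing" has no link at all; naming the fuzz targets or the workflow that schedules them would let a reader verify the claim. Also, this paragraph links reporters to `/security` while the SECURITY.md added in the same commit links to `/security/advisories`; using the same reporting URL in both places avoids sending reporters to two different pages.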
19 changes: 19 additions & 0 deletions SECURITY.md
@@ -0,0 +1,19 @@
# Security Policy

## Supported Versions

The following versions of semver are currently supported:

| Version | Supported |
| ------- | ------------------ |
| 3.x | :white_check_mark: |
| 2.x | :x: |
| 1.x | :x: |

Fixes are only released for the latest minor version in the form of a patch release.

## Reporting a Vulnerability

You can privately disclose a vulnerability through GitHubs
[private vulnerability reporting](https://github.com/Masterminds/semver/security/advisories)
mechanism.
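Review bot: "GitHubs" should be "GitHub's". The support statement "Fixes are only released for the latest minor version in the form of a patch release" is stricter than the table above it suggests (the table marks all of 3.x as supported); stating explicitly that only the latest 3.x minor receives patch releases, or marking the table as "3.x (latest minor)", would remove the ambiguity about whether an older 3.x minor is supported.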
