docs(security): add bug bounty (#2319)

Change-Id: I74b81542fe941c20cd709eda70ee55ba4ba8d480
Mergifyio · Sep 28, 2023 · cd6bc95 · cd6bc95
1 parent 5260294
commit cd6bc95
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/src/content/security.mdx b/src/content/security.mdx
@@ -4,6 +4,7 @@ description: Learn more about Mergify security obsession.
 ---
 
 import { Button, ButtonGroup, Table, Tbody, Td, Th, Thead, Tr } from '@chakra-ui/react';
+import { PrimaryLink } from '../components/RelativeLink';
 
 At Mergify, security is of utmost importance to us. We understand the crucial
 role we play in the software development process and are fully committed to
@@ -31,6 +32,17 @@ prioritize your trust. Click the button above to access our Trust Report page,
 where you will find in-depth information on our security measures and our
 ongoing commitment to protecting your data.
 
+## Bug Bounty Program
+
+Mergify hosts its private Bug Bounty program with HackerOne. If you’re an
+independent security expert or researcher and believe you’ve discovered a
+security-related issue on our platform, we appreciate you disclosing the issue
+to us responsibly, and thank you for your time and expertise.
+
+If you want to participate in our private Bug Bounty Program, send us an email
+at <PrimaryLink href="security@mergify.com">security@mergify.com</PrimaryLink>
+with your HackerOne username or the email you want an invitation for.
+
 ## Required Permissions
 
 Below is the list of the required permission on GitHub for