From ce874cadb7f896dc7b8582e07ce85f71c7856047 Mon Sep 17 00:00:00 2001 From: SR Murthy Date: Thu, 18 Jul 2024 22:58:08 +0100 Subject: [PATCH] Update SECURITY.md Signed-off-by: SR Murthy --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 90d9e13..cab99f2 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,9 +2,9 @@ ## Supported Versions -The package currently only uses Python standard libraries (see the [project TOML](https://github.com/sr-murthy/continuedfractions/blob/main/pyproject.toml)), and has no 3rd party dependencies. Security / vulnerability alerts related to [Python itself](https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html) would be addressed within Python. +Only Python standard libraries are used (see the [project TOML](https://github.com/sr-murthy/continuedfractions/blob/main/pyproject.toml)) - no 3rd party dependencies are involved. Security / vulnerability alerts related to [Python itself](https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html) would be addressed within Python. -A listing of current security / vulnerability alerts is available via [Dependabot](https://github.com/sr-murthy/continuedfractions/security) - these are usually related to sub-dependencies of optional or development dependencies, and are addressed via dedicated PRs as they arise. +In general, security / vulnerability alerts are managed via [Dependabot](https://github.com/sr-murthy/continuedfractions/security) alerts - these are usually related to sub-dependencies of optional or development dependencies, and are addressed via PRs as they arise. The repository is enabled with a number of features to ensure security, including [CodeQL analysis](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql), [Dependabot alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [secrets scanning](https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning).
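Review bot: the two rewritten paragraphs contradict each other as worded: the first now says "no 3rd party dependencies are involved", while the second says Dependabot alerts "are usually related to sub-dependencies of optional or development dependencies", which only makes sense if such dependencies exist in the project TOML. Qualify the first sentence to runtime scope, e.g. "no 3rd party runtime dependencies are involved; optional and development dependencies are declared in the project TOML", so the Supported Versions section is internally consistent. Also, "security / vulnerability alerts are managed via [Dependabot](...) alerts" repeats "alerts"; the removed line's "A listing of current security / vulnerability alerts is available via Dependabot" was more precise about what the link actually shows, and dropping "dedicated" from "dedicated PRs" loses nothing but the new sentence should still say who opens those PRs (Dependabot or the maintainer) so a reporter knows what to expect. Finally, "would be addressed within Python" leaves the reader without a supported Python version range for this package; consider stating the minimum Python version from the project TOML here, since that is what a Supported Versions section is read for.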