Merge pull request #22 from wneessen/fix-21

Add SECURITY.md for reporting vulnerabilities
2024-11-23 14:10:49 +01:00 · 2024-09-16 10:05:55 +02:00 · 2024-09-16 10:05:28 +02:00 · 2024-09-16 09:56:53 +02:00 · 2024-09-16 09:56:04 +02:00
2 changed files with 41 additions and 0 deletions
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@ -6,6 +6,9 @@ name: REUSE Compliance Check
 on: [push, pull_request]
 permissions:
  contents: read
 jobs:
  test:
    runs-on: ubuntu-latest
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,38 @@
 <!--
 SPDX-FileCopyrightText: 2024 Winni Neessen <wn@neessen.dev>
 SPDX-License-Identifier: CC0-1.0
 -->
 # Security Policy
 ## Reporting a Vulnerability
 To report (possible) security issues in niljson, please either send a mail to 
 [wn@neessen.dev](mailto:wn@neessen.dev) or use Github's 
 [private reporting feature](https://github.com/wneessen/niljson/security/advisories/new).
 Reports are always welcome. Even if you are not 100% certain that a specific issue you found
 counts as a security issue, we'd love to hear the details, so we can figure out together if
 the issue in question needds to be addressed.
 Typically, you will receive an answer within a day or even within a few hours.
 ## Encryption
 You can send OpenPGP/GPG encrpyted mails to the [wn@neessen.dev](mailto:wn@neessen.dev) address.
 OpenPGP/GPG public key:
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 xjMEY8XedRYJKwYBBAHaRw8BAQdAVPb7jn5V7TPWh7lODBPm9SOgS568Plsk
 prDUK/kZWiTNH3duQG5lZXNzZW4uZGV2IDx3bkBuZWVzc2VuLmRldj7CjAQQ
 FgoAPgUCY8XedQQLCQcICRC0L3U6o8fYrQMVCAoEFgACAQIZAQIbAwIeARYh
 BK6dDe0sVXaVAlOuqrQvdTqjx9itAACfPAEAs1SvBmpVk540On+UEdHCbzP0
 aD7bngxm2pUe4+ynzCMBAMt1bZSRaRzItYxiJvXzYH48Z9J6n06eWQbr7wwe
 YBEDzjgEY8XedRIKKwYBBAGXVQEFAQEHQGTblfiuHDaOL72GnBpKTl4dJqxs
 g0ZfOmD2Sfrmdd89AwEIB8J4BBgWCAAqBQJjxd51CRC0L3U6o8fYrQIbDBYh
 BK6dDe0sVXaVAlOuqrQvdTqjx9itAADFrAD8D54IStjrrHlH1cpKCkW60mMB
 Rsn++p/UorLoKfhQa3IA/3p3lWhGZ1RYfj35oFGh2bBu1NYDFr5RPYu2dDsO
 D10A
 =EyfK
 -----END PGP PUBLIC KEY BLOCK-----
 ```
Author	SHA1	Message	Date
Winni Neessen	1bdfdf8b56	Merge pull request #22 from wneessen/fix-21 Some checks failed CodeQL / Analyze (push) Failing after 1s Details golangci-lint / lint (push) Failing after 1s Details Govulncheck Security Scan / test (push) Failing after 1s Details REUSE Compliance Check / test (push) Failing after 1s Details Scorecard supply-chain security / Scorecard analysis (push) Failing after 1s Details SonarQube / Build and analyze (push) Failing after 1s Details Add SECURITY.md for reporting vulnerabilities	2024-09-16 10:05:55 +02:00
Winni Neessen	928939afef	Add SECURITY.md for reporting vulnerabilities Created a SECURITY.md file detailing how to report possible vulnerabilities in the project. Includes contact information, response expectations, and instructions for sending encrypted reports using OpenPGP/GPG.	2024-09-16 10:05:28 +02:00
Winni Neessen	b9cb716230	Merge pull request #20 from wneessen/fix-18 Set permissions to read for workflow	2024-09-16 09:56:53 +02:00
Winni Neessen	b0b7b07a8a	Set permissions to read for workflow Add 'contents: read' permissions to the GitHub Actions workflow configuration. This change enhances security by only allowing read access to the repository contents.	2024-09-16 09:56:04 +02:00