Create SECURITY.md

mathuo · Jan 27, 2025 · ca09ae5 · ca09ae5
1 parent e9985df
commit ca09ae5
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,8 @@
+# Reporting a Vulnerability
+
+- Dockview is an entirely open source project.
+- All build and publication scripts use public Github Action files found [here](https://github.com/mathuo/dockview/tree/master/.github/workflows).
+- All npm publications are verified through the use of [provenance statements](https://docs.npmjs.com/generating-provenance-statements/).
+- All builds are scanned with SonarCube and outputs can be found [here](https://sonarcloud.io/summary/overall?id=mathuo_dockview).
+
+If you believe you have found a security or vulnerability issue please send a complete example to [email protected] where it will be investigated.