From ca09ae537d926f060d084df62ac8e8e98a22d66e Mon Sep 17 00:00:00 2001 From: mathuo <6710312+mathuo@users.noreply.github.com> Date: Mon, 27 Jan 2025 22:35:43 +0000 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..d04d9fe59 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,8 @@ +# Reporting a Vulnerability + +- Dockview is an entirely open source project. +- All build and publication scripts use public Github Action files found [here](https://github.com/mathuo/dockview/tree/master/.github/workflows). +- All npm publications are verified through the use of [provenance statements](https://docs.npmjs.com/generating-provenance-statements/). +- All builds are scanned with SonarCube and outputs can be found [here](https://sonarcloud.io/summary/overall?id=mathuo_dockview). + +If you believe you have found a security or vulnerability issue please send a complete example to github.mathuo@gmail.com where it will be investigated.
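Review bot: the closing line of the new SECURITY.md asks reporters to "send a complete example to github.mathuo@gmail.com" but says nothing about when to expect an acknowledgement, which versions are supported, or how disclosure will be coordinated, and plaintext email is the only channel offered. Suggest adding a short response-time and supported-versions statement, and offering a confidential route such as GitHub's private vulnerability reporting alongside the address. The four bullets sitting under "# Reporting a Vulnerability" describe build and publication provenance rather than reporting, so they would read better under their own heading with the reporting instructions placed first. In the fourth bullet "SonarCube" looks like a typo, since the link points at sonarcloud.io, and "Github Action" in the second bullet should be "GitHub Actions". "a security or vulnerability issue" could simply be "a security vulnerability".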