From 1da2e7549b4bae5eab3665a6395645c701426634 Mon Sep 17 00:00:00 2001 From: fproject Date: Mon, 25 May 2026 17:44:38 +0530 Subject: [PATCH 1/2] docs: add SECURITY.md security policy documentation --- SECURITY.md | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..ceba0922 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,118 @@ +# 🔒 Security Policy + +Thank you for helping keep **GitHub Tracker** and its community safe. + +We take security vulnerabilities seriously and appreciate responsible disclosure from contributors, users, and security researchers. +Please report security issues responsibly and avoid public disclosure until the issue has been resolved. +--- + +# 📌 Supported Versions + +The following table outlines the versions of the project currently receiving security updates and maintenance support. + +| Version | Supported | +| ------- | --------- | +| Latest `main` branch | ✅ | +| Older versions | ❌ | + +We recommend always using the latest version of the project to benefit from recent security fixes and improvements. + +--- + +# 🚨 Reporting a Vulnerability + +If you discover a security vulnerability within this project, please report it responsibly. + +## Please Do NOT + +- Open a public GitHub issue for security vulnerabilities +- Publicly disclose the vulnerability before it has been reviewed +- Share exploit details publicly without prior coordination + +--- + +# 📬 How to Report + +Please report vulnerabilities by contacting the maintainers through one of the following methods: + +- Open a private security advisory (if enabled) +- Contact the repository maintainers directly via GitHub +- Provide detailed reproduction steps and supporting information + +When submitting a report, please include: + +- Description of the vulnerability +- Steps to reproduce the issue +- Potential impact +- Screenshots or proof-of-concept (if applicable) +- Suggested fixes or mitigation ideas (optional) + +--- + +# 🔍 What to Expect + +After a vulnerability report is submitted: + +1. The maintainers will review the report +2. The issue will be validated and assessed +3. A fix or mitigation strategy will be prepared +4. Security patches may be released if necessary +5. 
Responsible disclosure coordination will be followed before public release + +We aim to acknowledge valid security reports within a reasonable timeframe. + +--- + +# 🛡 Responsible Disclosure Guidelines + +To help protect users and contributors, we request that you: + +- Act in good faith +- Avoid accessing or modifying data that does not belong to you +- Avoid disrupting repository services or workflows +- Provide sufficient details for reproduction +- Allow maintainers reasonable time to investigate and resolve issues + +--- + +# 🔐 Security Best Practices for Contributors + +Contributors are encouraged to follow secure development practices: + +- Keep dependencies updated +- Avoid committing secrets or API keys +- Validate and sanitize user input +- Follow secure authentication practices +- Review dependencies for known vulnerabilities + +--- + +# 📦 Dependency Security + +This project uses modern JavaScript and Node.js tooling including: + +- React + Vite +- Node.js + Express +- TailwindCSS +- Axios +- MongoDB / Mongoose + +Contributors should regularly audit dependencies using: + +```bash +npm audit +``` + +To automatically fix non-breaking vulnerabilities: + +```bash +npm audit fix +``` + +--- + +# 🤝 Security Acknowledgements + +We appreciate responsible security disclosures and value the efforts of contributors helping improve the security and reliability of this project. + +Thank you for helping make **GitHub Tracker** safer for everyone. 🚀 \ No newline at end of file From be3a0db1e6b36190f1078077559af84c649baa38 Mon Sep 17 00:00:00 2001 From: fproject Date: Mon, 25 May 2026 20:48:40 +0530 Subject: [PATCH 2/2] docs: improve SECURITY.md formatting and reporting guidance --- SECURITY.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index ceba0922..37dd3b84 100644 --- a/SECURITY.md +++ b/SECURITY.md 
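Review bot: the "How to Report" section in this hunk gives reporters no definite private channel. "Open a private security advisory (if enabled)" leaves them to guess whether it is, and "Contact the repository maintainers directly via GitHub" names no mechanism, which in practice pushes people toward a public issue, exactly what the "Please Do NOT" list forbids. Before merging, enable private vulnerability reporting in the repository's security settings and replace those two bullets with the advisory URL or a monitored contact address; the third bullet, "Provide detailed reproduction steps and supporting information", is not a reporting method and duplicates the "please include" list that follows, so drop it. Two smaller points: "within a reasonable timeframe" should be a stated number of days so a reporter knows when coordinated disclosure may proceed, and the `---` placed directly under "Please report security issues responsibly and avoid public disclosure..." with no blank line between them is a setext underline in Markdown, so that sentence will render as a level-2 heading; a blank line before the rule fixes it. The file also lacks a trailing newline.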
@@ -3,7 +3,9 @@ Thank you for helping keep **GitHub Tracker** and its community safe. We take security vulnerabilities seriously and appreciate responsible disclosure from contributors, users, and security researchers. + Please report security issues responsibly and avoid public disclosure until the issue has been resolved. + --- # 📌 Supported Versions @@ -12,7 +14,7 @@ The following table outlines the versions of the project currently receiving sec | Version | Supported | | ------- | --------- | -| Latest `main` branch | ✅ | +| Current development version | ✅ | | Older versions | ❌ | We recommend always using the latest version of the project to benefit from recent security fixes and improvements. @@ -35,8 +37,8 @@ If you discover a security vulnerability within this project, please report it r Please report vulnerabilities by contacting the maintainers through one of the following methods: -- Open a private security advisory (if enabled) -- Contact the repository maintainers directly via GitHub +- Open a private GitHub Security Advisory (if enabled) +- Contact repository maintainers through GitHub Discussions or direct GitHub communication - Provide detailed reproduction steps and supporting information When submitting a report, please include:
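Review bot: the blank line added before `---` in the `@@ -3,7 +3,9 @@` hunk is a correctness fix, not cosmetics: without it Markdown parses `---` as a setext underline and renders "Please report security issues responsibly and avoid public disclosure until the issue has been resolved." as a level-2 heading. Worth stating that in the commit message instead of "improve formatting", so the reason survives for the next person who is tempted to tidy the blank lines away.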
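Review bot: in the `@@ -12,7 +14,7 @@` hunk, replacing "Latest `main` branch" with "Current development version" makes the supported-versions table less precise, not more. A reporter cannot tell whether "current development version" means the tip of `main`, the newest tag, or something else, and the sentence below still says "the latest version of the project". If the project has no tagged releases, naming the branch was the clearer statement; if it does, the row should name the release line that receives fixes.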
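Review bot: the `@@ -35,8 +37,8 @@` hunk directs reporters to "GitHub Discussions or direct GitHub communication", but GitHub Discussions are public, so this bullet contradicts the "Please Do NOT" section two headings above, which tells reporters not to publicly disclose before review. Drop Discussions from the list and keep only a private channel: the GitHub Security Advisory bullet, with "(if enabled)" removed once private vulnerability reporting is actually turned on for the repository, or a monitored contact address; "direct GitHub communication" is not a mechanism GitHub provides and should be replaced by whichever of those two is chosen.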