From 6695bea395e279c3818f7e7bc1246933cf847416 Mon Sep 17 00:00:00 2001
From: Kerry McAdams
Date: Fri, 27 Jun 2025 09:39:29 -0400
Subject: [PATCH 1/5] add vulnerability action
---
 .github/workflows/ci_cd.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index 29c0487f..e536d2eb 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -17,6 +17,17 @@ concurrency:
 cancel-in-progress: true
 jobs:
+ check-vulnerabilities:
+ name: "Check library vulnerabilities"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ansys/actions/check-vulnerabilities@v10.0
+ with:
+ python-version: ${{ env.MAIN_PYTHON_VERSION }}
+ token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+ python-package-name: 'ansys-pre-commit-hooks'
+ dev-mode: ${{ github.ref != "refs/heads/main" }}
+
 update-changelog:
 name: "Update CHANGELOG for new tag"
 if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
From cf0ac4ec8308a5451265cc42bd17e7004273c0bb Mon Sep 17 00:00:00 2001
From: Kerry McAdams
Date: Fri, 27 Jun 2025 09:43:58 -0400
Subject: [PATCH 2/5] add security.md file
---
 SECURITY.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..5a88c014
--- /dev/null
+++ b/SECURITY.md
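Review bot: The `uses: ansys/actions/check-vulnerabilities@v10.0` line pins the scanner to a mutable tag, so any later move of that tag in the ansys/actions repository changes the code that runs with `secrets.PYANSYS_CI_BOT_TOKEN`; for a job whose purpose is supply-chain hygiene, pin the full commit SHA and keep the tag as a comment, e.g. `- uses: ansys/actions/check-vulnerabilities@<full-commit-sha>  # v10.0`. The same line is re-added unchanged when the job is moved in PATCH 4/5, so the pin belongs there as well. The job also declares no `permissions:` block; if the workflow's top-level permissions are broader than what the action needs, a job-level `permissions:` with `contents: read` would be the usual limit — the top of the file is outside the hunk, so this part is inferred.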
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Reporting a vulnerability
+
+> [!CAUTION]
+> Do not use GitHub issues to report any security vulnerabilities.
+
+If you detect a vulnerability, contact the [PyAnsys Core team](mailto:pyansys.core@ansys.com),
+mentioning the repository and the details of your finding. The team will address it as soon as possible.
+
+Provide the PyAnsys Core team with this information:
+
+- Any specific configuration settings needed to reproduce the problem
+- Step-by-step guidance to reproduce the problem
+- The exact location of the problematic source code, including tag, branch, commit, or a direct URL
+- The potential consequences of the vulnerability, along with a description of how an attacker could take advantage of the issue
From 86e98715113fce64fbdaee10fb9677d088b061e4 Mon Sep 17 00:00:00 2001
From: pyansys-ci-bot <92810346+pyansys-ci-bot@users.noreply.github.com>
Date: Fri, 27 Jun 2025 13:49:39 +0000
Subject: [PATCH 3/5] chore: adding changelog file 324.maintenance.md [dependabot-skip]
---
 doc/changelog.d/324.maintenance.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 doc/changelog.d/324.maintenance.md
diff --git a/doc/changelog.d/324.maintenance.md b/doc/changelog.d/324.maintenance.md
new file mode 100644
index 00000000..059b87de
--- /dev/null
+++ b/doc/changelog.d/324.maintenance.md
@@ -0,0 +1 @@
+Add `ansys/actions/check-vulnerabilities` action and `security.md` file
\ No newline at end of file
From 632edc5ac6fe9c87bf2d8232daf685000dcd7293 Mon Sep 17 00:00:00 2001
From: Kerry McAdams
Date: Fri, 27 Jun 2025 09:57:56 -0400
Subject: [PATCH 4/5] move step
---
 .github/workflows/ci_cd.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index e536d2eb..01d01005 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -17,17 +17,6 @@ concurrency:
 cancel-in-progress: true
 jobs:
- check-vulnerabilities:
- name: "Check library vulnerabilities"
- runs-on: ubuntu-latest
- steps:
- - uses: ansys/actions/check-vulnerabilities@v10.0
- with:
- python-version: ${{ env.MAIN_PYTHON_VERSION }}
- token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
- python-package-name: 'ansys-pre-commit-hooks'
- dev-mode: ${{ github.ref != "refs/heads/main" }}
-
 update-changelog:
 name: "Update CHANGELOG for new tag"
 if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
@@ -43,6 +32,17 @@ jobs:
 bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }}
 bot-email: ${{ secrets.PYANSYS_CI_BOT_EMAIL }}
+ check-vulnerabilities:
+ name: "Check library vulnerabilities"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: ansys/actions/check-vulnerabilities@v10.0
+ with:
+ python-version: ${{ env.MAIN_PYTHON_VERSION }}
+ token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
+ python-package-name: ${{ env.LIBRARY_NAME }}
+ dev-mode: ${{ github.ref != "refs/heads/main" }}
+
 style:
 name: Code style
 runs-on: ubuntu-latest
From 8388de3194981401bc5c1cfad896811e7ab1c882 Mon Sep 17 00:00:00 2001
From: Kerry McAdams
Date: Fri, 27 Jun 2025 10:00:26 -0400
Subject: [PATCH 5/5] use single quotes instead of double
---
 .github/workflows/ci_cd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index 01d01005..49493beb 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -41,7 +41,7 @@ jobs:
 python-version: ${{ env.MAIN_PYTHON_VERSION }}
 token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
 python-package-name: ${{ env.LIBRARY_NAME }}
- dev-mode: ${{ github.ref != "refs/heads/main" }}
+ dev-mode: ${{ github.ref != 'refs/heads/main' }}
 style:
 name: Code style
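Review bot: With the quoting fixed, `dev-mode: ${{ github.ref != 'refs/heads/main' }}` evaluates to true not only on feature branches but also on tag pushes, since a tag ref is `refs/tags/...`, and the `update-changelog` job in this same workflow is gated on `contains(github.ref, 'refs/tags')`, so release builds do pass through here. If `dev-mode` makes the vulnerability check non-blocking (the action's semantics are not visible in this patch, so this is inferred), tagged releases would never be gated by it. Consider `dev-mode: ${{ github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/') }}` so that release tags are treated like main. The enclosing `check-vulnerabilities` job starts above this hunk.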