From 76ff9ac5eb55174d4470a6b781987e869fbb8ae0 Mon Sep 17 00:00:00 2001 From: "Mr. Z" Date: Thu, 23 Oct 2025 14:38:01 -0400 Subject: [PATCH] sync: update .github/SECURITY.md from source repository --- .github/SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 257cb9b..2735b68 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -66,7 +66,7 @@ We follow the [OpenSSF](https://openssf.org) best practices to ensure this repos To proactively protect this repository, we use several automated GitHub workflows: -- **[CodeQL Analysis](./github/workflows/codeql-analysis.yml)**: Scans the codebase for security vulnerabilities and coding errors using GitHub's CodeQL engine on every push and pull request to the `main/master` branch. -- **[OpenSSF Scorecard](./github/workflows/scorecard.yml)**: Periodically evaluates the repository against OpenSSF Scorecard checks, providing insights and recommendations for improving supply chain security and best practices. +- **[CodeQL Analysis](./.github/workflows/codeql-analysis.yml)**: Scans the codebase for security vulnerabilities and coding errors using GitHub's CodeQL engine on every push and pull request to the `main/master` branch. +- **[OpenSSF Scorecard](./.github/workflows/scorecard.yml)**: Periodically evaluates the repository against OpenSSF Scorecard checks, providing insights and recommendations for improving supply chain security and best practices. These workflows help us identify, remediate, and prevent security issues as early as possible in the development lifecycle. For more details, see the workflow files in the [`.github/workflows/`](.github/workflows) directory.