From 9dc0c5c5d745e255afa0f3a8b9f36e250cc21177 Mon Sep 17 00:00:00 2001 From: "Mr. Z" Date: Thu, 23 Oct 2025 14:38:00 -0400 Subject: [PATCH] sync: update .github/SECURITY.md from source repository --- .github/SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index f211ac3..ef83aee 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -66,7 +66,7 @@ We follow the [OpenSSF](https://openssf.org) best practices to ensure this repos To proactively protect this repository, we use several automated GitHub workflows: -- **[CodeQL Analysis](./github/workflows/codeql-analysis.yml)**: Scans the codebase for security vulnerabilities and coding errors using GitHub's CodeQL engine on every push and pull request to the `main/master` branch. -- **[OpenSSF Scorecard](./github/workflows/scorecard.yml)**: Periodically evaluates the repository against OpenSSF Scorecard checks, providing insights and recommendations for improving supply chain security and best practices. +- **[CodeQL Analysis](./.github/workflows/codeql-analysis.yml)**: Scans the codebase for security vulnerabilities and coding errors using GitHub's CodeQL engine on every push and pull request to the `main/master` branch. +- **[OpenSSF Scorecard](./.github/workflows/scorecard.yml)**: Periodically evaluates the repository against OpenSSF Scorecard checks, providing insights and recommendations for improving supply chain security and best practices. These workflows help us identify, remediate, and prevent security issues as early as possible in the development lifecycle. For more details, see the workflow files in the [`.github/workflows/`](.github/workflows) directory.