Skip to content

Create SECURITY.md#2288

Merged
ofek1weiss merged 1 commit into
masterfrom
app-1378-add-securitymd-file
Jul 5, 2026
Merged

Create SECURITY.md#2288
ofek1weiss merged 1 commit into
masterfrom
app-1378-add-securitymd-file

Conversation

@ofek1weiss

@ofek1weiss ofek1weiss commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • Documentation
    • Added a complete security policy with guidance for privately reporting vulnerabilities.
    • Clarified expected acknowledgment timing, fix coverage for the latest released version, and the disclosure process after a report is confirmed.
    • Included scope details and directions for platform-specific security issues.

@linear

linear Bot commented Jul 5, 2026

Copy link
Copy Markdown

APP-1378

@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

👋 @ofek1weiss
Thank you for raising your pull request.
Please make sure to add tests and document all user-facing changes.
You can do this by editing the docs files in this pull request.

@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a5df512c-421d-4ce6-82ff-7672a8369216

📥 Commits

Reviewing files that changed from the base of the PR and between 809127c and 7e6d10f.

📒 Files selected for processing (1)
  • SECURITY.md

📝 Walkthrough

Walkthrough

A new SECURITY.md file is added, establishing a security policy covering vulnerability reporting via GitHub Security Advisories, acknowledgment timing, supported versions, scope, and the disclosure process.

Changes

Security Policy Documentation

Layer / File(s) Summary
Add security policy document
SECURITY.md
New file defining vulnerability reporting steps, 10-business-day acknowledgment timeframe, latest-version support scope, Elementary Cloud vs. repository scope guidance, and post-confirmation disclosure process.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Poem

A rabbit hops with policy in paw,
SECURITY.md now sets the law,
Report a bug, we'll answer soon,
Fixes land by the next full moon,
Docs alone, no code to gnaw. 🐇📜

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: adding a new SECURITY.md file.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch app-1378-add-securitymd-file

Comment @coderabbitai help to get the list of available commands.

@ofek1weiss ofek1weiss merged commit 2522527 into master Jul 5, 2026
9 checks passed
@ofek1weiss ofek1weiss deleted the app-1378-add-securitymd-file branch July 5, 2026 09:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants