Added security page (#1297)

* Added security page

* Added security page

* Removed linting issue from  security page

* Fixed linting issues

* Added Security Page and Sidenav bar

* Added Security Page and Sidenav bar

* Removed additional function for security page test

* Changed Describe function of security test

* Updated Snapshots

Co-authored-by: Ben Halverson <7907232+benhalverson@users.noreply.github.com>

Author: parthlaw

content/about/security.md

@@ -0,0 +1,79 @@
+---
+title: Security
+description: 'This is security page'
+authors: reedloden,XhmikosR,Trott,fhemberger,MaledongGit,yous,sam-github,vdeturckheim,tniessen,richardlau,nschonni,mikeal,e-jigsaw,parthlaw
+category: security
+---
+
+## Reporting a Bug in Node.js
+
+Report security bugs in Node.js via [HackerOne](https://hackerone.com/nodejs).
+
+Your report will be acknowledged within 24 hours, and you’ll receive a more
+detailed response to your report within 48 hours indicating the next steps in
+handling your submission.
+
+After the initial reply to your report, the security team will endeavor to keep
+you informed of the progress being made towards a fix and full announcement,
+and may ask for additional information or guidance surrounding the reported
+issue.
+
+### Node.js Bug Bounty Program
+
+The Node.js project engages in an official bug bounty program for security
+researchers and responsible public disclosures. The program is managed through
+the HackerOne platform. See <https://hackerone.com/nodejs> for further details.
+
+## Reporting a Bug in a third party module
+
+Security bugs in third party modules should be reported to their respective
+maintainers and should also be coordinated through the Node.js Ecosystem
+Security Team via [HackerOne](https://hackerone.com/nodejs-ecosystem).
+
+Details regarding this process can be found in the
+[Security Working Group repository](https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md).
+
+Thank you for improving the security of Node.js and its ecosystem. Your efforts
+and responsible disclosure are greatly appreciated and will be acknowledged.
+
+## Disclosure Policy
+
+Here is the security disclosure policy for Node.js
+
+* The security report is received and is assigned a primary handler. This
+  person will coordinate the fix and release process. The problem is confirmed
+  and a list of all affected versions is determined. Code is audited to find
+  any potential similar problems. Fixes are prepared for all releases which are
+  still under maintenance. These fixes are not committed to the public
+  repository but rather held locally pending the announcement.
+
+* A suggested embargo date for this vulnerability is chosen and a CVE (Common
+  Vulnerabilities and Exposures (CVE®)) is requested for the vulnerability.
+
+* On the embargo date, the Node.js security mailing list is sent a copy of the
+  announcement. The changes are pushed to the public repository and new builds
+  are deployed to nodejs.org. Within 6 hours of the mailing list being
+  notified, a copy of the advisory will be published on the Node.js blog.
+
+* Typically the embargo date will be set 72 hours from the time the CVE is
+  issued. However, this may vary depending on the severity of the bug or
+  difficulty in applying a fix.
+
+* This process can take some time, especially when coordination is required
+  with maintainers of other projects. Every effort will be made to handle the
+  bug in as timely a manner as possible; however, it’s important that we follow
+  the release process above to ensure that the disclosure is handled in a
+  consistent manner.
+
+## Receiving Security Updates
+
+Security notifications will be distributed via the following methods.
+
+* <https://groups.google.com/group/nodejs-sec>
+* <https://nodejs.org/en/blog/>
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please submit a
+[pull request](https://github.com/nodejs/nodejs.dev) or
+[file an issue](https://github.com/nodejs/security-wg/issues/new) to discuss.

gatsby-node.js

@@ -29,6 +29,7 @@ exports.createPages = ({ graphql, actions }) => {
                       "privacy-policy"
                       "about"
                       "governance"
+                      "security"
                     ]
                   }
                 }

src/components/AboutPageSideNavBar/index.tsx

@@ -13,6 +13,7 @@ export enum AboutPageKeys {
   resources = 'resources',
   trademark = 'trademark',
   privacy = 'privacy',
+  security = 'security',
 }
 
 const aboutPageSideNavBarItem: AboutPageSideNavBarItem[] = [
@@ -48,6 +49,10 @@ const aboutPageSideNavBarItem: AboutPageSideNavBarItem[] = [
     title: 'Privacy Policy',
     slug: AboutPageKeys.privacy,
   },
+  {
+    title: 'Security Reporting',
+    slug: AboutPageKeys.security,
+  },
 ];
 
 export default function AboutPageSideNavBar({

src/components/Footer/__tests__/__snapshots__/footer.test.tsx.snap

@@ -42,7 +42,7 @@ exports[`Tests for Footer component renders correctly 1`] = `
       <li>
         <a
           class="footer__link"
-          href="https://nodejs.org/en/security/"
+          href="/security"
         >
           Security Reporting
         </a>

src/components/Footer/index.tsx

@@ -36,9 +36,9 @@ function Footer(): JSX.Element {
             </a>
           </li>
           <li>
-            <a className="footer__link" href="https://nodejs.org/en/security/">
+            <Link className="footer__link" to="/security">
               Security Reporting
-            </a>
+            </Link>
           </li>
           <li>
             <Link className="footer__link" to="/about">

src/components/Layout/__tests__/__snapshots__/centered-layout.test.tsx.snap

@@ -183,7 +183,7 @@ exports[`CenteredLayout component renders correctly with footer 1`] = `
       <li>
         <a
           class="footer__link"
-          href="https://nodejs.org/en/security/"
+          href="/security"
         >
           Security Reporting
         </a>

src/components/Layout/__tests__/__snapshots__/page-layout.test.tsx.snap

@@ -256,7 +256,7 @@ exports[`PageLayout component renders correctly with data 1`] = `
         <li>
           <a
             class="footer__link"
-            href="https://nodejs.org/en/security/"
+            href="/security"
           >
             Security Reporting
           </a>

src/pages/security.tsx

@@ -0,0 +1,49 @@
+import React from 'react';
+import { graphql } from 'gatsby';
+import { Page } from '../types';
+import Layout from '../components/Layout';
+import Article from '../components/Article';
+import Footer from '../components/Footer';
+import '../styles/article-reader.scss';
+import AboutPageSideNavBar, {
+  AboutPageKeys,
+} from '../components/AboutPageSideNavBar';
+
+export default function SecurityPage({ data }: Page): JSX.Element {
+  const { title, description } = data.page.frontmatter;
+  const { html, tableOfContents } = data.page;
+  const { authors } = data.page.fields;
+  return (
+    <>
+      <Layout title={title} description={description} showFooter={false}>
+        <main className="streched-container">
+          <AboutPageSideNavBar pageKey={AboutPageKeys.security} />
+          <Article
+            title={title}
+            html={html}
+            tableOfContents={tableOfContents}
+            authors={authors}
+            editPath="content/about/security.md"
+          />
+        </main>
+      </Layout>
+      <Footer />
+    </>
+  );
+}
+
+export const query = graphql`
+  query {
+    page: markdownRemark(fields: { slug: { eq: "security" } }) {
+      html
+      tableOfContents(absolute: false, pathToSlugField: "frontmatter.path")
+      frontmatter {
+        title
+        description
+      }
+      fields {
+        authors
+      }
+    }
+  }
+`;

test/components/__snapshots__/aboutPageSideNavBar.test.tsx.snap

@@ -70,6 +70,13 @@ exports[`AboutPageSideNavBar renders correctly 1`] = `
       >
         Privacy Policy
       </a>
+      <a
+        class="t-body2 side-nav__item-community"
+        href="/security"
+        id="link-security"
+      >
+        Security Reporting
+      </a>
     </ul>
   </nav>
 </div>
@@ -145,6 +152,13 @@ exports[`AboutPageSideNavBar should about Releases page exist and contain a href
       >
         Privacy Policy
       </a>
+      <a
+        class="t-body2 side-nav__item-community"
+        href="/security"
+        id="link-security"
+      >
+        Security Reporting
+      </a>
     </ul>
   </nav>
 </div>

test/pages/__snapshots__/404.test.tsx.snap

@@ -200,7 +200,7 @@ exports[`404 page renders correctly 1`] = `
         <li>
           <a
             class="footer__link"
-            href="https://nodejs.org/en/security/"
+            href="/security"
           >
             Security Reporting
           </a>