Create SECURITY.md #4330

Merged
alexellis merged 1 commit into master from alexellis-patch-4
Jul 1, 2026

@alexellis

Member

Description

Motivation and Context

  • I have raised an issue to propose this change (required)
  • My issue has received approval from the maintainers or lead with the design/approved label

How Has This Been Tested?

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have signed-off my commits with git commit -s
  • I have added tests to cover my changes.
  • All new and existing tests passed.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
@alexellis alexellis merged commit 05c737b into master Jul 1, 2026
3 checks passed
@alexellis alexellis deleted the alexellis-patch-4 branch July 1, 2026 15:19
@reviewfn

reviewfn Bot commented Jul 1, 2026

AI Pull Request Overview

Disclaimer: This review was generated by automated AI and may contain errors. Do not trust its outputs without human verification.

Summary

  • Adds a root SECURITY.md file.
  • The file points readers to the existing responsible disclosure guidance in CONTRIBUTING.md.
  • The target anchor exists and contains a security contact and reproduction guidance.
  • No code, configuration, or infrastructure behavior is changed.
  • No blocking documentation, rendering, or reproducibility issues were found.

Approval rating (1-10)

9/10. Safe, narrow documentation change that makes existing security reporting guidance discoverable from GitHub's expected root policy file.

Summary per file

File path | Summary
SECURITY.md | Adds a pointer to existing security reporting guidance.

Overall Assessment

This is a low-risk content-only change. Adding a root SECURITY.md improves discoverability for vulnerability reporters while reusing the project's existing disclosure instructions. The linked section is present in CONTRIBUTING.md and gives a responsible disclosure route via support@openfaas.com plus reproduction expectations.

Detailed Review

Content review

No blocking findings.

  • The title/excerpt fit is not applicable because this is a single-purpose repository policy file, not an article or guide.
  • The opening is intentionally terse, but it is sufficient for GitHub's root security policy convention because it immediately sends reporters to the canonical instructions.
  • The linked target contains the necessary disclosure channel and asks reporters to include reproduction details, so the workflow is actionable.
  • The absolute GitHub URL and anchor render correctly for the current master branch and heading text.

AI agent details.

Agent processing time: 1m21.893s
Environment preparation time: 3.755s
Total time from webhook: 1m31.226s
