docs: add security policy #2609

Merged
WilliamBergamin merged 1 commit into main from security-policy
May 29, 2026

Conversation

@WilliamBergamin
Contributor

Summary

  • Adds a SECURITY.md to .github/ with vulnerability reporting instructions, threat model, and disclosure policy
  • Directs reporters to the Slack HackerOne bug bounty program
  • Defines in-scope vulnerabilities (signature bypass, token leakage, DoS, auth bypass) and out-of-scope issues

closes: #2608

Requirements

@WilliamBergamin WilliamBergamin self-assigned this May 28, 2026
@WilliamBergamin WilliamBergamin requested a review from a team as a code owner May 28, 2026 18:23
@WilliamBergamin WilliamBergamin added docs M-T: Documentation work only security labels May 28, 2026
@changeset-bot
changeset-bot Bot commented May 28, 2026

⚠️ No Changeset found

Latest commit: e81dbd6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@codecov
codecov Bot commented May 28, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.86%. Comparing base (b12a62f) to head (e81dbd6).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2609   +/-   ##
=======================================
  Coverage   88.86%   88.86%           
=======================================
  Files          62       62           
  Lines       10230    10230           
  Branches      450      450           
=======================================
  Hits         9091     9091           
  Misses       1117     1117           
  Partials       22       22           
Flag Coverage Δ
cli-hooks 88.86% <ø> (ø)
cli-test 88.86% <ø> (ø)
logger 88.86% <ø> (ø)
oauth 88.86% <ø> (ø)
socket-mode 88.86% <ø> (ø)
web-api 88.86% <ø> (ø)
webhook 88.86% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Member

@zimeg zimeg left a comment

🎁 Super thank you @WilliamBergamin for these pages!

@WilliamBergamin WilliamBergamin merged commit 7ad18f2 into main May 29, 2026
12 checks passed
@WilliamBergamin WilliamBergamin deleted the security-policy branch May 29, 2026 14:03
Labels

docs M-T: Documentation work only security

Development

Successfully merging this pull request may close these issues.

chore: add a SECURITY.md file