Skip to content

docs: add security policy#109

Merged
0x77dev merged 1 commit into
mainfrom
vasyl/security-policy-20260703
Jul 3, 2026
Merged

docs: add security policy#109
0x77dev merged 1 commit into
mainfrom
vasyl/security-policy-20260703

Conversation

@0x77dev

@0x77dev 0x77dev commented Jul 3, 2026

Copy link
Copy Markdown
Owner

Summary

  • add SECURITY.md with the private vulnerability reporting path
  • document supported security-report scope and disclosure expectations

Verification

  • added-line secret scan: no matches
  • nix flake check --no-build -L: passed
  • independent peer review: 2 PASS after fixing the pdf-sign --version wording

Full nix flake check -L was attempted but timed out after 600s while cold-building dependencies, before any project failure.

Assisted-by: vasyl

Summary by CodeRabbit

  • Documentation
    • Added a security policy with clear instructions for privately reporting vulnerabilities.
    • Included guidance on what details to submit, such as reproduction steps and expected vs. actual behavior.
    • Clarified which releases are covered and how disclosure is coordinated until a fix is available.

- document private vulnerability reporting path
- define supported security-report scope

Assisted-by: vasyl
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e6380527-fb4a-4a34-8ed0-e425d2223aad

📥 Commits

Reviewing files that changed from the base of the PR and between 70d4bcf and 6914007.

📒 Files selected for processing (1)
  • SECURITY.md

Walkthrough

This change adds a new SECURITY.md file to the repository, documenting the vulnerability reporting process via private GitHub advisories, required reproduction information, supported versions, and disclosure timing coordination.

Changes

Security Policy Documentation

Layer / File(s) Summary
Add SECURITY.md policy
SECURITY.md
New file documenting private vulnerability reporting workflow, required details, supported versions (main and latest release), and disclosure timing.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Poem

A rabbit hops with policy in paw,
Reporting bugs by trusted law,
Private advisories, safe and sound,
Disclosure timed when fixes are found,
Hop hop hooray, security's here! 🐇🔒

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely describes the main change: adding a security policy document.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch vasyl/security-policy-20260703

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@0x77dev 0x77dev merged commit 06399f3 into main Jul 3, 2026
10 checks passed
@0x77dev 0x77dev deleted the vasyl/security-policy-20260703 branch July 3, 2026 13:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant