From ba8a6b0374b517850d833e2ee54a58bc3d4545fd Mon Sep 17 00:00:00 2001 From: Sean Goedecke Date: Thu, 10 Apr 2025 03:02:10 +0000 Subject: [PATCH] Add security and support docs --- SECURITY.md | 39 +++++++++++++++++++++++++++++++++++++++ SUPPORT.md | 17 +++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 SECURITY.md create mode 100644 SUPPORT.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..0ab1da3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,39 @@ +# Security + +GitHub takes the security of our software products and services seriously, +including all of the open source code repositories managed through our GitHub +organizations, such as [GitHub](https://github.com/GitHub). + +Even though +[open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) +and therefore not eligible for bounty rewards, we will ensure that your finding +gets passed along to the appropriate maintainers for remediation. + +## Reporting Security Issues + +If you believe you have found a security vulnerability in any GitHub-owned +repository, please report it to us through coordinated disclosure. + +**Please do not report security vulnerabilities through public GitHub issues, +discussions, or pull requests.** + +Instead, please send an email to opensource-security[@]github.com. + +Please include as much of the information listed below as you can to help us +better understand and resolve the issue: + +- The type of issue (e.g., buffer overflow, SQL injection, or cross-site + scripting) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue, including how an attacker might exploit the issue + +This information will help us triage your report more quickly. + +## Policy + +See +[GitHub's Safe Harbor Policy](https://docs.github.com/en/site-policy/security-policies/github-bug-bounty-program-legal-safe-harbor#1-safe-harbor-terms) diff --git a/SUPPORT.md b/SUPPORT.md new file mode 100644 index 0000000..5e2670e --- /dev/null +++ b/SUPPORT.md @@ -0,0 +1,17 @@ +# Support + +## How to file issues and get help + +This project uses GitHub issues to track bugs and feature requests. Please +search the existing issues before filing new issues to avoid duplicates. For new +issues, file your bug or feature request as a new issue. + +For help or questions about using this project, please file an issue. + +This project is under active development and maintained by GitHub staff and the +community. We will do our best to respond to support, feature requests, and +community questions in a timely manner. + +## GitHub Support Policy + +Support for this project is limited to the resources listed above.