docs: add SECURITY policy #891
Conversation
Codecov Report
@@            Coverage Diff             @@
##             main     #891      +/-   ##
==========================================
- Coverage   65.60%   65.56%   -0.04%
==========================================
  Files         213      216       +3
  Lines       13650    13734      +84
  Branches      103      103
==========================================
+ Hits         8955     9005      +50
- Misses       3782     3802      +20
- Partials      913      927      +14
Continue to review full report at Codecov.
Force-pushed from c9480d3 to c9b2156
I'm hesitant to promote adding this until we can give any true assurances to customers, or we should state that here. Maybe @ketang has some ideas.
@kylecarbs more than happy to change the wording - feel free to make a suggestion! Having this though ensures customers know how they can get in touch so the bare minimum should at least include the Report a Vulnerability part.
Fair enough. I agree something is much better than nothing. I shall review!
Force-pushed from c9b2156 to 537afc2
Just a minor nit!
docs/SECURITY.md (outdated)
@@ -0,0 +1,8 @@
# Security Policy

The Coder team wants to keep the coder project secure and safe for end-users.
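Review bot: the visible lines of this hunk carry only the heading and an intro sentence, so the part that actually matters for users, the reporting contact (security@coder.com, as suggested in the review thread), needs to be in the remaining added lines of this file rather than only in the README; docs/SECURITY.md is one of the locations GitHub scans for a security policy (repository root, docs/, or .github/), so once the contact is in this file it is what the repository's Security tab will link to.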
I'd rephrase this to something like:
"Keeping your code secure is core to what we do. If you find a vulnerability, please send an email to security@coder.com, and our team will respond to you."
It combines both paragraphs, which I think is fine.
Feels funny to have this in its own doc and not just in the readme as a section
I think GitHub does something special with this doc if it's in the location.
I'll rephrase that then merge!
Feels funny to have this in its own doc and not just in the readme as a section
I think that's just how they find them more easily. Docs
Force-pushed from 537afc2 to a8c6093
This PR adds a basic SECURITY policy for coder.

Note: I decided to not add Dependabot since I believe we're going to explore Socket. I'm meeting with the team next week and I will come back with more information. For the first public release, I believe this should be sufficient.
Fixes #656