@patniko (Collaborator) commented Jan 21, 2026

No description provided.

Copilot AI review requested due to automatic review settings January 21, 2026 22:49
@patniko patniko enabled auto-merge January 21, 2026 22:49
Copilot AI left a comment

Pull request overview

Adds a repository security policy document to guide responsible vulnerability disclosure and point reporters to the appropriate safe-harbor policy.

Changes:

  • Introduces SECURITY.md with instructions for reporting security issues via coordinated disclosure.
  • Documents the information reporters should include to help triage.
  • Links to GitHub’s Safe Harbor Policy.


GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).

Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
Copilot AI Jan 21, 2026

Line ends with trailing whitespace after the period. Please remove the trailing space to avoid formatting/lint noise and accidental Markdown line-break behavior in some renderers.

**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**

Instead, please send an email to opensource-security[@]github.com.
Copilot AI Jan 21, 2026

The contact email is obfuscated as opensource-security[@]github.com, which is not clickable and increases reporting friction. Consider using a standard email (or mailto: link), or explicitly instruct reporters to replace [@] with @ so the address is unambiguous.

Suggested change
Instead, please send an email to opensource-security[@]github.com.
Instead, please send an email to [opensource-security@github.com](mailto:opensource-security@github.com).

@patniko patniko disabled auto-merge January 21, 2026 22:57
@patniko patniko merged commit d46cf02 into main Jan 21, 2026
7 checks passed
@patniko patniko deleted the patniko-patch-1 branch January 21, 2026 22:57