chore: add SECURITY.md and dependabot.yml

MyUnisoft · Aug 7, 2024 · 46f4199 · 46f4199
1 parent a4d5523
commit 46f4199
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 11 deletions.
diff --git a/.github/Dockerfile b/.github/Dockerfile
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+
+  - package-ecosystem: npm
+    directory: /
+    versioning-strategy: widen
+    schedule:
+      interval: weekly
+    groups:
+      dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting Security Issues
+
+To report a security issue, please [publish a private security advisory](https://github.com/MyUnisoft/heif-converter/security/advisories) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+Our vulnerability management team will respond within one week. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.