mirror of https://github.com/mikefarah/yq.git, synced 2026-07-05 03:45:41 +00:00
Add SECURITY.md security policy (#2660)
* Initial plan

* Add SECURITY.md with security policy

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/f9ff8a4c-addc-485b-abb8-4103394851a4

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
This commit is contained in:
parent 2927a28283
commit 30ca9ffde7
SECURITY.md (normal file, 26 lines added)
@ -0,0 +1,26 @@
# Security Policy
## Reporting a Vulnerability
Please **do not** report security vulnerabilities through public GitHub issues.
Instead, use GitHub's private vulnerability reporting feature:
👉 https://github.com/mikefarah/yq/security
This allows vulnerabilities to be triaged and addressed confidentially before any public disclosure.
## Scope
### HTTP / TLS / Network vulnerabilities
yq is a command-line YAML/JSON/TOML processor that reads from files or standard input and writes to standard output. **yq does not include any HTTP or network libraries** and makes no network connections at runtime. CVEs related to HTTP, TLS, or networking are therefore **not applicable** to yq.
### Dependency version bumps
yq uses [Dependabot](https://docs.github.com/en/code-security/dependabot) to automatically raise pull requests for:
- Go module dependencies
- Go toolchain version
- Docker base images
Please **do not** raise pull requests or issues solely to bump dependency or Go versions — Dependabot handles this automatically and the maintainers merge those PRs regularly.
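Review bot: The "Reporting a Vulnerability" section says where to report but not which versions receive fixes or what response a reporter should expect; a short "Supported Versions" line (for example, that only the latest release is patched) and a triage/acknowledgement expectation would make the policy complete. Under "HTTP / TLS / Network vulnerabilities", the blanket statement that networking CVEs are "not applicable" is only as durable as the dependency set it describes, and the same file notes that the Go toolchain version is bumped via Dependabot; consider qualifying it so that such reports are triaged on whether the affected code is reachable from yq, and point readers to `go.mod` as the place where the "no HTTP or network libraries" claim can be verified for a given release.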