From ddae5372723536c6460119e95fb3cc87901e0b6d Mon Sep 17 00:00:00 2001 From: Rehan Ahmad Date: Fri, 5 Jun 2026 00:15:56 +0530 Subject: [PATCH 1/2] docs: add SECURITY.md with vulnerability reporting policy --- SECURITY.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..8daf33c --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,53 @@ +# Security Policy + +## Supported Versions + +The following versions of **MergeShip** are currently supported with security updates: + +| Version | Supported | +| ------- | ------------------ | +| main | ✅ Yes | + +## Contact Details + +To report a security vulnerability in **MergeShip**, please reach out via: + +- 👤 Github: [Coder's OG's](https://github.com/Coder-s-OG-s) +- ✉️ Email: codersogs@gmail.com +- 💬 Discord: [Server](https://discord.gg/Wg4xZt3DRx) +- 💬 LinkedIN: [Coder's OG's](https://www.linkedin.com/company/coder-s-og/) + +> Please **do not** open a public GitHub issue for security vulnerabilities. + +## What to Include in Your Report + +- A clear description of the vulnerability +- Steps to reproduce the issue +- Affected versions or components +- Potential impact assessment +- Any suggested fix (optional but appreciated) + +## Expected Response Time + +| Action | Timeframe | +| ----------------------------- | ----------------- | +| Acknowledgement of report | Within 48 hours | +| Status update | Within 7 days | +| Patch / fix release | Within 30 days | + +## Responsible Disclosure Policy + +We follow a **responsible disclosure** policy: + +- Please report vulnerabilities **privately** before any public disclosure +- We request an **embargo period of 30 days** to investigate and patch the issue +- After a fix is released, you are welcome to publish your findings +- We will credit reporters in the patch notes unless anonymity is requested +- We deeply appreciate the efforts of security researchers 🙏 + +## References + +- [MergeShip Repository](https://github.com/Coder-s-OG-s/MergeShip) +- [GitHub Security Advisories Docs](https://docs.github.com/en/code-security/security-advisories) +- [Responsible Disclosure — OWASP](https://owasp.org/www-community/Vulnerability_Disclosure_Cheat_Sheet) +- [Adding a Security Policy to your repo](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository) 
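Review bot: The "Contact Details" list mixes private and public channels. A Discord server invite, a LinkedIn company page and the GitHub organisation profile sit beside the e-mail address, while the very next line asks reporters not to open a public GitHub issue. Details posted in a shared Discord channel are exposed to every member of that server, which defeats the private-report request and the 30-day embargo stated under "Responsible Disclosure Policy". Suggest naming one private intake channel for vulnerability details (the e-mail address, or GitHub's private vulnerability reporting feature on the repository) and either dropping the other entries or marking them as "for first contact only, do not post details". Minor: "Github" and "LinkedIN" should read "GitHub" and "LinkedIn".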
From 55d7ee5e64ffb3163b4259a28c3646f9f95cab6e Mon Sep 17 00:00:00 2001 From: Rehan Ahmad Date: Fri, 5 Jun 2026 16:40:14 +0530 Subject: [PATCH 2/2] style: fix Prettier formatting in SECURITY.md --- SECURITY.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 8daf33c..9631421 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,9 +4,9 @@ The following versions of **MergeShip** are currently supported with security updates: -| Version | Supported | -| ------- | ------------------ | -| main | ✅ Yes | +| Version | Supported | +| ------- | --------- | +| main | ✅ Yes | ## Contact Details @@ -29,11 +29,11 @@ To report a security vulnerability in **MergeShip**, please reach out via: ## Expected Response Time -| Action | Timeframe | -| ----------------------------- | ----------------- | -| Acknowledgement of report | Within 48 hours | -| Status update | Within 7 days | -| Patch / fix release | Within 30 days | +| Action | Timeframe | +| ------------------------- | --------------- | +| Acknowledgement of report | Within 48 hours | +| Status update | Within 7 days | +| Patch / fix release | Within 30 days | ## Responsible Disclosure Policy
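Review bot: Squash this into patch 1/2 rather than carrying it as a separate commit. Both hunks only re-pad the "Supported Versions" and "Expected Response Time" table rows that 1/2 adds in the same series, so the file can land already Prettier-clean and the history keeps a single commit for the new SECURITY.md. If the series is respun for that, running the formatter before committing 1/2 avoids the follow-up entirely.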