Merged
53 changes: 53 additions & 0 deletions SECURITY.md
@@ -0,0 +1,53 @@
# Security Policy

## Supported Versions

The following versions of **MergeShip** are currently supported with security updates:

| Version | Supported |
| ------- | --------- |
| main | ✅ Yes |

## Contact Details

To report a security vulnerability in **MergeShip**, please reach out via:

- 👤 Github: [Coder's OG's](https://github.com/Coder-s-OG-s)
- ✉️ Email: codersogs@gmail.com
- 💬 Discord: [Server](https://discord.gg/Wg4xZt3DRx)
- 💬 LinkedIN: [Coder's OG's](https://www.linkedin.com/company/coder-s-og/)

> Please **do not** open a public GitHub issue for security vulnerabilities.

## What to Include in Your Report

- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected versions or components
- Potential impact assessment
- Any suggested fix (optional but appreciated)

## Expected Response Time

| Action | Timeframe |
| ------------------------- | --------------- |
| Acknowledgement of report | Within 48 hours |
| Status update | Within 7 days |
| Patch / fix release | Within 30 days |

## Responsible Disclosure Policy

We follow a **responsible disclosure** policy:

- Please report vulnerabilities **privately** before any public disclosure
- We request an **embargo period of 30 days** to investigate and patch the issue
- After a fix is released, you are welcome to publish your findings
- We will credit reporters in the patch notes unless anonymity is requested
- We deeply appreciate the efforts of security researchers 🙏

## References

- [MergeShip Repository](https://github.com/Coder-s-OG-s/MergeShip)
- [GitHub Security Advisories Docs](https://docs.github.com/en/code-security/security-advisories)
- [Responsible Disclosure — OWASP](https://owasp.org/www-community/Vulnerability_Disclosure_Cheat_Sheet)
- [Adding a Security Policy to your repo](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository)
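Review bot: The "Contact Details" list mixes channels that are not private (a Discord server invite, the LinkedIn company page, the GitHub organisation profile) with the instruction right below it not to open a public GitHub issue, so a reporter cannot tell where vulnerability details are safe to send. Suggest naming one private intake channel, for example the email address or GitHub private vulnerability reporting (the References already link the Security Advisories docs), and marking the others as "for initial contact only, do not post details". Two smaller points: the 30-day embargo in "Responsible Disclosure Policy" equals the 30-day patch target in "Expected Response Time", which leaves no margin if a fix slips, so say what happens when the fix is not ready at day 30; and "Github" / "LinkedIN" should be spelled "GitHub" / "LinkedIn".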