docs: add SECURITY.md with vulnerability reporting policy#303

Merged
Harxhit merged 2 commits into Dev-Card:main from RehanAhmad25:add/security on Jun 5, 2026

@RehanAhmad25

Contributor

Summary

This PR adds a SECURITY.md file to the repository root. DevCard currently has no security policy defined, leaving contributors and users with no safe, private channel to report vulnerabilities. This change establishes a responsible disclosure process in line with GitHub's recommended best practices.

Closes #293


Type of Change

  • Bug fix
  • New feature
  • Refactor (no functional change)
  • UI / Design change
  • Tests only
  • Documentation
  • Infrastructure / DevOps
  • Security

What Changed

  • Added SECURITY.md at the root of the repository
  • Defined supported versions with a version support table
  • Added vulnerability reporting instructions via the maintainer's GitHub profile
  • Included a clear response timeline for reported vulnerabilities
  • Outlined a responsible disclosure policy

How to Test

  1. Navigate to the repository root and confirm SECURITY.md exists
  2. Open the file and verify all sections render correctly on GitHub
  3. Visit the Security tab on GitHub — the policy should now be detected and displayed automatically

Checklist

  • My code follows the project's coding style (pnpm -r run lint passes).
  • TypeScript compiles without errors (pnpm -r run typecheck).
  • I have added or updated tests for the changes I made.
  • All tests pass locally (pnpm -r run test).
  • I have updated documentation where necessary.
  • No new console.log or debug statements left in the code.
  • Breaking changes are documented in this PR description.

Screenshots / Recordings

Not applicable — documentation-only change with no visual impact.

@Harxhit added the gssoc:approved label (Required label for every approved PR. Gives the base +50 points and enables contribution tracking.) on May 24, 2026
@RehanAhmad25

Contributor Author

Hi @ShantKhatri and @Harxhit

Just a friendly follow-up on this PR. It's been about a week since submission, and I wanted to check if you've had a chance to review it.

I've addressed all requested changes (if any) and am happy to make further modifications if needed. Whenever you get the opportunity, I'd appreciate a review.

Thank you for your time and effort in maintaining the project! 🙌

@Harxhit Harxhit merged commit a7ec352 into Dev-Card:main Jun 5, 2026
1 check failed
@github-actions

github-actions Bot commented Jun 5, 2026


Congratulations @RehanAhmad25 on getting PR #303 merged!

    Thank you for your contribution. Please mention @Harxhit in our Discord server to receive the appropriate GSSoC labels and recognition.

@Harxhit added the following labels on Jun 5, 2026:

  • level:beginner: Beginner-friendly issue/PR with low complexity. (+20 pts)
  • quality:clean: PR is well-structured, readable, and follows good practices. (×1.2 multiplier)
  • type:docs: Documentation-related contribution (+5 pts)
  • type:security: Security-related fixes/improvements (+20 pts)

Development

Successfully merging this pull request may close these issues.

[Security]: Add SECURITY.md to define vulnerability reporting process
