Skip to content

docs: add security policy #363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ajbozarth wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: add security policy #363

ajbozarth wants to merge 1 commit into from
+15 −0

Conversation

@ajbozarth
Copy link
Contributor

@ajbozarth ajbozarth commented Jan 26, 2026
edited
Loading

Misc PR

Type of PR

  • Bug Fix
  • New Feature
  • Documentation
  • Other

Description

Implements a SECURITY.md policy. This policy was taken from other IBM open source projects such as beeai-framework and qiskit-serverless and is a simple version of the standard GitHub policy.

Testing

  • Tests added to the respective file if code was changed
  • New code has 100% coverage if code as added
  • Ensure existing tests and github automation passes (a maintainer will kick off the github automation when the rest of the PR is populated)

@ajbozarth
docs: add security policy
95c80c3 
Signed-off-by: Alex Bozarth <ajbozart@us.ibm.com>
@github-actions
Copy link
Contributor

github-actions bot commented Jan 26, 2026

The PR description has been updated. Please fill out the template for your PR to be reviewed.

@mergify
Copy link

mergify bot commented Jan 26, 2026

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|release)(?:\(.+\))?:

@ajbozarth
Copy link
Contributor Author

ajbozarth commented Jan 26, 2026

looking at the security tab we may also need to enable reporting once this is merged as I see no report button at the location linked in this new doc (like I see at https://github.com/Qiskit/qiskit-serverless/security)

@ajbozarth ajbozarth mentioned this pull request Jan 26, 2026
Open
@planetf1
Copy link
Contributor

planetf1 commented Jan 27, 2026

@ajbozarth Agreed - the text looks good to me, but one of the admins will need to enable private vuln. reporting as per https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/configuring-private-vulnerability-reporting-for-a-repository

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

sugg: Add SECURITY.md / policy

2 participants

@ajbozarth @planetf1