Forgot to commit untracked file

piotr-yuxuan · Apr 18, 2022 · 786881c · 786881c
1 parent 9e1c998
commit 786881c
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/resources/SECURITY.md b/resources/SECURITY.md
@@ -0,0 +1,33 @@
+# Security Policy
+
+## Existing tooling
+
+This repository is managed by
+[Walter](https://github.com/piotr-yuxuan/walter-ci), a CICD system. It
+enforces continuous vulnerability scans by the following tools:
+
+- https://github.com/rm-hull/nvd-clojure
+- https://github.com/clj-holmes/clj-holmes
+- https://github.com/aquasecurity/tfsec
+- https://github.com/aquasecurity/trivy
+
+## Supported Versions
+
+This message being present means that version `{{current-version}}`
+has been scrutinised on commit `{{current-commit}}`. See `git` log for
+history of supported versions.
+
+## Known vulnerabilities
+
+Vulnerabilities discovered by
+[nvd-clojure](https://github.com/rm-hull/nvd-clojure) are publicly
+disclosed in
+[`./doc/known-vulnerabilities.csv`](./doc/known-vulnerabilities.csv). As
+this repository is public and open-source, this is intended to inform
+your choice whether to use it, or not to use it. Beware that not all
+vulnerability can be exploited.
+
+## Reporting a Vulnerability
+
+Open an issue, or contact the [code owners](.github/CODEOWNERS.yml) on
+social media.