From f7102e9bed8c2230fba596ae2e1740944c10c193 Mon Sep 17 00:00:00 2001 From: Nico Williams Date: Sun, 18 Jun 2023 23:40:15 -0500 Subject: Create SECURITY.md --- SECURITY.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..9176bbfd --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +# How to report security vulnerabilities in `jq` + +GitHub has a [mechanism for private disclosure of vulnerabilities](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) to repository owners and authorized persons such as maintainers. The `jqlang/jq` repository now has this feature enabled. + +## Reporting a Vulnerability + +See [Privately Reporting a Security Vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). Click on [`jqlang/jq`](https://github.com/jqlang/jq)'s [Security page](https://github.com/jqlang/jq/security) and click on [Report a vulnerability](https://github.com/jqlang/jq/security/advisories/new). This will notify the owners and maintainers. After submitting you'll get an option to start a private clone of `jqlang/jq` for collaboration with the maintainers. -- cgit v1.2.3
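Review bot: In the "Reporting a Vulnerability" section the only reporting channel is GitHub's private advisory form, so a reporter who cannot or will not use a GitHub account has no documented way to reach the maintainers privately. Consider adding a fallback contact, and a sentence on what the reporter should expect after submitting (acknowledgement, who sees the report) and which `jq` releases the policy covers. Two smaller points: the same GitHub documentation URL is linked in both the introduction and the section, so one of the two links could be dropped, and "now has this feature enabled" in the introduction will date quickly, where "has this feature enabled" reads the same without aging.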