diff options
author | Nico Williams <nico@cryptonector.com> | 2023-06-18 23:40:15 -0500 |
---|---|---|
committer | Nico Williams <nico@cryptonector.com> | 2023-06-19 00:07:29 -0500 |
commit | f7102e9bed8c2230fba596ae2e1740944c10c193 (patch) | |
tree | db0d1773febaab389f8856bc292a19db8a2aa641 /SECURITY.md | |
parent | 38b42e537f9cc22aaae768fd96bfe898c78bad1d (diff) |
Create SECURITY.md
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- | SECURITY.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..9176bbfd --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +# How to report security vulnerabilities in `jq` + +GitHub has a [mechanism for private disclosure of vulnerabilities](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) to repository owners and authorized persons such as maintainers. The `jqlang/jq` repository now has this feature enabled. + +## Reporting a Vulnerability + +See [Privately Reporting a Security Vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). Click on [`jqlang/jq`](https://github.com/jqlang/jq)'s [Security page](https://github.com/jqlang/jq/security) and click on [Report a vulnerability](https://github.com/jqlang/jq/security/advisories/new). This will notify the owners and maintainers. After submitting you'll get an option to start a private clone of `jqlang/jq` for collaboration with the maintainers. |