From 2b5c55b727d71402782511a6227778c5e0c9c4c8 Mon Sep 17 00:00:00 2001 From: Marjan Georgiev Date: Wed, 19 Feb 2025 14:03:59 +0100 Subject: [PATCH] Add security policy --- SECURITY.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..5674933 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,34 @@ +# Security Policy + +## Supported Versions + +We release patches for security vulnerabilities in the latest major version of the package: + +| Version | Supported | +| ------- | ------------------ | +| Latest | :white_check_mark: | +| Older | :x: | + +## Reporting a Vulnerability + +If you discover a security vulnerability, please report it to us as follows: + +1. **Email us**: Send an email to [security@swimlane.com](mailto:security@swimlane.com) with the details of the vulnerability. +2. **Provide details**: Include as much information as possible about the vulnerability, including steps to reproduce it, potential impact, and any suggested fixes. +3. **Wait for a response**: We will acknowledge your email within 72 hours and provide a timeline for a fix. + +## Security Updates + +We will release security updates as needed. Users are encouraged to update to the latest version to ensure they have the latest security fixes. + +## Security Best Practices + +To help secure your Angular project, we recommend the following best practices: + +- **Keep dependencies up to date**: Regularly update your project dependencies to the latest versions. +- **Use HTTPS**: Ensure your application is served over HTTPS to protect data in transit. +- **Sanitize inputs**: Always sanitize user inputs to prevent injection attacks. +- **Enable Content Security Policy (CSP)**: Use CSP to mitigate cross-site scripting (XSS) and other code injection attacks. +- **Regularly review code**: Conduct regular code reviews to identify and fix potential security issues. + +Thank you for helping us keep our project secure!
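Review bot: The "Reporting a Vulnerability" steps give only a plain email address and never ask reporters to stay out of the public issue tracker, so the policy states no confidential channel and no disclosure expectations. Suggest adding a line ahead of step 1 along the lines of "Please do not open a public issue for security vulnerabilities", and saying whether an encrypted or otherwise private reporting option exists. In "Supported Versions", the table rows "Latest" and "Older" name no version numbers while the sentence above them says "latest major version"; naming the supported major version would let users tell whether the release they run is covered. Step 3 promises an acknowledgement within 72 hours and a timeline for a fix, but neither it nor "Security Updates" says where fixes or advisories are announced, which is worth one sentence.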