Security Policy violation SECURITY.md #981

Closed
allstar-app bot opened this issue Oct 22, 2023 · 2 comments · Fixed by #983


allstar-app bot commented Oct 22, 2023

This issue was automatically created by Allstar.

Security Policy Violation
Security policy not enabled.
A SECURITY.md file can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. Examples of secure reporting methods include using an issue tracker with private issue support, or encrypted email with a published key.

To fix this, add a SECURITY.md file that explains how to handle vulnerabilities found in your repository. Go to https://github.com/near/wallet-selector/security/policy to enable.

For more information, see https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository.


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

@allstar-app allstar-app bot added the allstar label Oct 22, 2023

allstar-app bot commented Oct 23, 2023

Updating issue after ping interval. See its status below.


Security policy not enabled.
A SECURITY.md file can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. Examples of secure reporting methods include using an issue tracker with private issue support, or encrypted email with a published key.

To fix this, add a SECURITY.md file that explains how to handle vulnerabilities found in your repository. Go to https://github.com/near/wallet-selector/security/policy to enable.

For more information, see https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository.

@trechriron
Collaborator

Here is more information on how to address this.

Here are the instructions I followed to set the default security.md file.

Here, you can find an example of what a general security.md file should look like.

Here are the available instructions for the components of a security.md file.

As you can see, the individual security.md files should have specifics relating to security issues with each version (but keep in mind these will be public and should not contain sensitive information).

Still, many are general in nature and contain instructions on how to report a vulnerability in a repo.
