diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..402215a8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,12 @@ +# Reporting Security Issues + +You can privately report a potential security issue via the GitHub security advisory feature. This can be done here: + +https://github.com/IBM/sonar-cryptography/security/advisories + +Please do **not** open a public issue about a potential security vulnerability. + +You can find more details on the security vulnerability feature in the GitHub +documentation here: + +https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability