diff --git a/.github/workflows/sdfactorypipeline.yml b/.github/workflows/sdfactorypipeline.yml
index 722f8c62..20abcaa5 100644
--- a/.github/workflows/sdfactorypipeline.yml
+++ b/.github/workflows/sdfactorypipeline.yml
@@ -95,4 +95,4 @@ jobs:
 # readme-filepath: path/to/dedicated/notice-for-docker-image.md
 username: ${{ secrets.DOCKER_HUB_USER }}
 password: ${{ secrets.DOCKER_HUB_TOKEN }}
- repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+ repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
\ No newline at end of file
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index ad6105d9..a8be8a11 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -50,4 +50,4 @@ jobs:
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v2
 with:
- sarif_file: "trivy-results.sarif"
+ sarif_file: "trivy-results.sarif"
\ No newline at end of file
diff --git a/SECURITY.md b/SECURITY.md
index 1c3f1692..52719847 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,5 +2,18 @@
 
 ## Reporting a Vulnerability
 
-Please report a found vulnerability here:
-[https://www.eclipse.org/security/](https://www.eclipse.org/security/)
+Please do **not** report security vulnerabilities through public GitHub issues.
+
+Please report vulnerabilities to this repository via **GitHub security advisories** instead.
+
+How? Inside affected repository --> security tab
+
+for contributor:
+--> Report a vulnerability
+
+for committer:
+--> advisories --> New draft security advisory
+
+In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/
+
+See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability)