Security md update (#32370)

* updating SECURITY.md to indicate supported versions * updating vulnerability reporting guidelines * chore: format Co-authored-by: gatsbybot <[email protected]>
gatsbyjs · Jul 14, 2021 · 466636c · 466636c
1 parent 53ae249
commit 466636c
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/SECURITY.md b/SECURITY.md
@@ -13,4 +13,8 @@ The following versions are currently being supported with security updates.
 
 ## Reporting a Vulnerability
 
-Please email [email protected]
+If you believe you have found a security issue with any of Gatsby's open source or commercial offerings, we would love to receive your report! Security findings can be emailed to [email protected].
+
+When reporting a security issue, describe the issue in detail and include steps to reproduce. The more detail provided, the more likely we will be able to reproduce the issue and determine a course of action.
+
+Please do not report findings from `npm audit`. We are aware of package dependency issues that are reported by this tool and do review these reports. In many cases the issues reported by `npm audit` are misleading and do not present a tangible/exploitable security risk for Gatsby users.