From c950474e80dd4813975161a597461cbce64ff026 Mon Sep 17 00:00:00 2001 From: Barry KW Suridge Date: Fri, 1 May 2026 03:22:34 +1000 Subject: [PATCH] chore: add repository governance files (CODEOWNERS, CONTRIBUTING, SECURITY) Signed-off-by: Barry KW Suridge --- .github/CODEOWNERS | 2 ++ CONTRIBUTING.md | 20 ++++++++++++++++++++ SECURITY.md | 23 +++++++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 .github/CODEOWNERS create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..d71447b --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# Default owner for all files +* @Alcheri diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..680ac7b --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,20 @@ +# Contributing + +Thank you for considering a contribution. + +This project uses: + +- DCO sign-off +- Required CI checks +- CodeQL security scanning +- Protected default branch rules + +## Commit sign-off + +All commits must be signed off using the Developer Certificate of Origin. + +Use: + +```bash +git commit -s -m "Describe your change" +``` diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..220e69f --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,23 @@ +# Security Policy + +## Supported Versions + +Security updates apply to the latest commit on the `main` branch. Older tags or branches may not receive fixes. + +## Reporting a Vulnerability + +If you discover a security issue, please report it privately. + +- Email: +- Do not open a public GitHub issue. +- Provide clear steps to reproduce the problem if possible. + +You will receive an acknowledgement within 72 hours. + +## Scope + +This project is intended for controlled environments. It does not guarantee protection against untrusted networks, hostile users, or adversarial workloads. + +## Disclosure + +Once a fix is available, a short summary of the issue may be published. Sensitive details may be withheld to protect downstream users.
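Review bot: In `.github/CODEOWNERS`, the single rule `* @Alcheri` makes one account the only owner for every path, including `.github/` and `SECURITY.md`, so changes authored by that account have no code-owner reviewer. Consider adding a second owner or a team, at least for `.github/`. Also confirm that the "Protected default branch rules" listed in CONTRIBUTING.md require review from code owners, because the CODEOWNERS file alone only requests a review and does not block a merge.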
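Review bot: In `CONTRIBUTING.md`, the "Commit sign-off" section shows only `git commit -s` for new commits and does not say how to fix a commit that fails the DCO check. Suggest adding `git commit --amend -s` for the last commit and `git rebase --signoff` for a series. It would also help to state that `-s` adds a `Signed-off-by:` trailer and is not a cryptographic signature, so contributors do not confuse it with `-S`. The list under "This project uses" names required CI checks and CodeQL but gives no pointer to which checks run or how to run them before opening a pull request.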
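Review bot: In `SECURITY.md`, under "Reporting a Vulnerability", the `- Email:` item as shown here carries no address, while the next item tells reporters not to open a public GitHub issue, which leaves no usable private channel. Add the contact address or point to GitHub's private vulnerability reporting for the repository, and check that whatever channel is named is monitored well enough to meet the 72-hour acknowledgement the file promises. The "Disclosure" section says a summary "may be published" once a fix is available; stating whether the reporter is notified or credited would make the process clearer.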