diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..8fcad1c5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,41 @@ +# Security Policy + +## Purpose + +This document outlines the security reporting and responsible disclosure process for the AutoAudit project. + +## Supported Branches + +Security-related changes should be reviewed through pull requests before merging into protected branches. + +| Branch | Status | +| --- | --- | +| main | Active | +| feature branches | Development | + +## Reporting a Vulnerability + +If you discover a security vulnerability within AutoAudit, please report it privately to the project maintainers. + +Please include: + +- A description of the issue +- Steps to reproduce the issue +- Potential impact +- Relevant screenshots or logs if available + +Do not publicly disclose vulnerabilities through GitHub issues or discussions until they have been reviewed by the maintainers. + +## Security Review Process + +Security-related pull requests and changes should be reviewed before merging. + +The project uses GitHub-based workflows and security scanning processes to support secure development practices. + +## Dependency and Code Security + +Dependencies and code changes should be reviewed regularly to support secure development and reduce risk from vulnerable packages or insecure code patterns. + +## Responsible Disclosure + +Security issues should be handled responsibly to protect users, contributors, and project infrastructure while allowing maintainers time to investigate and resolve reported issues. \ No newline at end of file
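Review bot: the "Reporting a Vulnerability" section asks reporters to "report it privately to the project maintainers" but names no private channel, so a reporter cannot follow the "Do not publicly disclose" rule that follows it; add a concrete contact (a security mailbox, or a statement that GitHub's private vulnerability reporting is enabled for this repository) and an expected acknowledgement window. The "Supported Branches" table marks `main` as Active and feature branches as Development but never says which branches receive security fixes, which is the question a reader brings to that table; state it explicitly. Minor: the file is added without a trailing newline (`\ No newline at end of file`).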