From 1feff0d6998ea72eb7cc0fd69cd0e7d4540b7714 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pedro=20Pi=C3=B1era=20Buend=C3=ADa?= Date: Fri, 26 Nov 2021 18:15:31 +0100 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..eca24451e --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,21 @@ +# Security Policy +The Tuist repo is scanned frequently for code and dependency vulnerabilities. Notifications are received by the Tuist Core Team members, who assess risk, prioritize, and determine a remediation plan. Typically this process involves a package update or patch release and is resolved within 24 hours of notification. + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 2.x.x | :white_check_mark: | + +## Reporting a Vulnerability + +If you discover a potential security issue, do let us know as soon as possible. We'll work toward a resolution as quickly as possible, so please provide us with a reasonable amount of time before disclosure to the public or a third-party. + +Contact us at [pedro@tuist.io](mailto:pedro@tuist.io) + +Thank you for helping improve Tuist security! + +## Security is Everyone's Responsibility +We take security seriously. Which is why we offer a friendly reminder that "Tuist Framework Security" **!=** "Security of Applications built with Tuist" + +It's our responsibility (Core Team members) to implement security best practices and make the framework as secure as possible. We will do as much as we can; however, we can only do so much. Ultimately, security rests in the hands of the application developers who use Tuist. If you haven't already, we recommend starting the security process for your application with [GitHub's Security Tools and Best Practices](https://docs.github.com/en/github/managing-security-vulnerabilities/managing-security-vulnerabilities-in-your-project).
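Review bot: In "Reporting a Vulnerability", the only reporting channel is one person's mailbox (`pedro@tuist.io`), so a report can sit unread if that person is unavailable, and the section gives reporters no way to send details confidentially. Consider routing reports to a shared address or private reporting channel that several Core Team members monitor, and say how quickly a reporter should expect an acknowledgement. The phrase "a reasonable amount of time before disclosure" is also undefined; stating a concrete embargo window would set expectations on both sides. In the opening paragraph, "resolved within 24 hours of notification" describes automated scan notifications, but placed at the top of the policy it reads as a commitment for reported vulnerabilities too, so it is worth scoping explicitly. In "Supported Versions", the table lists only `2.x.x`; add a row or a sentence saying that earlier versions do not receive security fixes, if that is the intent. Style: add a blank line after the `# Security Policy` and `## Security is Everyone's Responsibility` headings to match the other sections, and join the fragment "Which is why we offer a friendly reminder ..." to the sentence before it.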