Jiseoup/showmycode (Public)
Merged

docs: add security policy

#45
Jiseoup · Jun 23, 2026 · docs/add-security-policy → main
docs

What & Why

Add SECURITY.md to document how to report vulnerabilities privately. Since showmycode's purpose is sharing private code without exposing credentials, a clear disclosure path matters — and Private vulnerability reporting is already enabled on the repo, so this gives it a front door. The policy directs reporters to the Security tab instead of public issues, sets a rolling-release support scope (latest main), and lists in/out-of-scope issues specific to the threat model (PAT exposure, share-token bypass, allowlist bypass, auth weaknesses).

Related Issue

N/A

How to Verify

  1. Open SECURITY.md and confirm the "Report a vulnerability" link points to the repo's Security tab.
  2. Confirm there are no UI or code changes (docs-only).

Checklist

  • PR title follows Conventional Commits (feat:, fix:, chore:, refactor:, docs:, i18n:)
  • Translations added to both locales/ko.json and locales/en.json (if UI text changed)
  • Tested on mobile viewport (if UI changed)