Add a security policy (#864)

jl-wynen · Junjiequan · web-flow · commit a294b62bc8b3 · 2024-07-31T12:16:44.000Z
* Add a security policy

* Fix link

* Update SECURITY.md

* Update SECURITY.md

---------

Co-authored-by: Jay &lt;a331998513@gmail.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version is supported.
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability in SciCat, please
+- ✅ report it to us by creating a [security advisory](https://github.com/SciCatProject/scicat-backend-next/security/advisories/new).
+- ❌ do not report security vulnerabilities through public GitHub issues, discussions, or pull requests, etc.
+
+Please include as much information as you can to help us better understand and resolve the issue.
+We work on fixing the issues [privately](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability).
+
+## Disclosure
+
+We use GitHub [security advisories](https://github.com/SciCatProject/scicat-backend-next/security/advisories) to disclose fixed vulnerabilities.
