Skip to content

Replace SECURITY.md template with project-specific policy#4

Merged
cgfixit merged 1 commit into
mainfrom
optimize/fix-security-policy
Jun 30, 2026
Merged

Replace SECURITY.md template with project-specific policy#4
cgfixit merged 1 commit into
mainfrom
optimize/fix-security-policy

Conversation

@cgfixit

@cgfixit cgfixit commented Jun 30, 2026

Copy link
Copy Markdown
Owner

Summary

  • Fix version table: replaced nonsensical version references (5.1.x, 5.0.x, 4.0.x) with accurate "latest on main" since this project has no semantic versioning releases.
  • Fill in vulnerability reporting: replaced placeholder template text with concrete instructions — use GitHub's private vulnerability reporting, include repro steps, expect 7-day response.
  • Add security considerations section: documents WinRM transport security (prefer HTTPS/Kerberos), service account least-privilege, and execution policy recommendations (RemoteSigned or AllSigned).

Motivation

The existing SECURITY.md was the default GitHub template with no project-specific content. A developer or security researcher finding this file would get no useful information about how to report a vulnerability or what security assumptions the project makes.

Test plan

  • Review that version support table matches project's actual release model
  • Verify vulnerability reporting instructions match your preferred workflow
  • Confirm security considerations align with your deployment environment

Generated by Claude Code

The existing SECURITY.md was an unfilled GitHub template with version
numbers (5.1.x, 4.0.x) that don't correspond to this project and
placeholder text for vulnerability reporting.

Replace with:
- Accurate version support table (latest on main, no semver releases)
- Concrete vulnerability reporting instructions (private reporting,
  email, expected response time)
- Security considerations section covering WinRM transport security,
  service account least-privilege, and execution policy recommendations

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DDj3zuCAvrsZcQKsPpPHvA
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@cgfixit cgfixit marked this pull request as ready for review June 30, 2026 03:57
@cgfixit cgfixit merged commit f983a5a into main Jun 30, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants