
docs: restore canonical security policy over bot-added SECURITY.md#597

Merged
WilliamBergamin merged 2 commits into
mainfrom
restore-security-policy
Jun 19, 2026

Conversation

@WilliamBergamin

@WilliamBergamin WilliamBergamin commented Jun 19, 2026

Contributor

What & why

The Salesforce OSPO Service Bot committed a top-level SECURITY.md to this repo. But in fact we want to direct reporters to the Slack bug bounty program on HackerOne (https://hackerone.com/slack).

The fix

Replace the top-level SECURITY.md added by the Salesforce OSPO Service
Bot on 2026-06-02 with a full security policy, and remove the older,
minimal .github/SECURITY.md.

GitHub resolves security policy with root taking precedence over
.github/, so the bot file (pointing to sfdc.co/SubmitVuln) had silently
become the effective policy. Rather than restore the outdated stub, the
root SECURITY.md now follows the same pattern as the other slackapi
repositories: HackerOne (https://hackerone.com/slack) as the primary
reporting channel, a CLI-specific threat model, and a coordinated
disclosure policy.

Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
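The shadowing described above (a root SECURITY.md silently taking over from .github/SECURITY.md) is easy to miss because both files look valid on their own. The audit script below is an added example, not code from this PR or from the slackapi project: it applies the precedence the PR states (root before .github/), assumes docs/SECURITY.md as a third, lowest-priority candidate, reports which file would be served and which are shadowed, and checks that the effective file still names the intended reporting channel. The two repository layouts it builds are constructed in a temp directory to mirror the before and after state of this change.

```python
"""Audit which SECURITY.md a repository actually serves.

Added example, not part of the slackapi PR or project. Precedence follows the
PR's statement (root wins over .github/); docs/SECURITY.md as a third candidate
is an assumption. It flags the case the PR fixed: a shadowed policy whose
reporting channel differs from the intended one.
"""
from __future__ import annotations

import os
import re
import tempfile
from dataclasses import dataclass, field

# Candidate locations in precedence order. Assumption: root beats .github/ as the
# PR describes; docs/ is assumed to be the last fallback.
POLICY_CANDIDATES = ("SECURITY.md", ".github/SECURITY.md", "docs/SECURITY.md")

URL_RE = re.compile(r"https?://[^\s)>\]]+")


@dataclass
class PolicyAudit:
    effective: str | None                               # repo-relative path that would be served
    shadowed: list[str] = field(default_factory=list)   # present but ignored
    urls: list[str] = field(default_factory=list)       # URLs found in the effective file
    missing_channel: bool = False                       # effective file lacks the expected channel


def audit_security_policy(repo_root: str, expected_channel: str) -> PolicyAudit:
    """Return the effective policy file, any shadowed copies, and a channel check."""
    present = [p for p in POLICY_CANDIDATES if os.path.isfile(os.path.join(repo_root, p))]
    if not present:
        return PolicyAudit(effective=None, missing_channel=True)
    effective, *shadowed = present
    with open(os.path.join(repo_root, effective), encoding="utf-8") as fh:
        text = fh.read()
    return PolicyAudit(
        effective=effective,
        shadowed=shadowed,
        urls=URL_RE.findall(text),
        missing_channel=expected_channel not in text,
    )


def _write(root: str, rel: str, body: str) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(body)


def build_shadowed_repo() -> str:
    """Constructed layout mirroring the PR's starting point: a bot-added root
    policy pointing elsewhere, shadowing the repo's own .github/ policy."""
    root = tempfile.mkdtemp(prefix="policy-audit-")
    _write(root, "SECURITY.md",
           "# Security\n\nReport issues at https://sfdc.co/SubmitVuln\n")
    _write(root, ".github/SECURITY.md",
           "# Security\n\nPlease report to https://hackerone.com/slack\n")
    return root


def build_fixed_repo() -> str:
    """Constructed layout after the fix: one root policy naming the intended channel."""
    root = tempfile.mkdtemp(prefix="policy-audit-")
    _write(root, "SECURITY.md",
           "# Security Policy\n\nReport via https://hackerone.com/slack\n")
    return root


if __name__ == "__main__":
    for label, repo in (("before", build_shadowed_repo()), ("after", build_fixed_repo())):
        result = audit_security_policy(repo, "https://hackerone.com/slack")
        print(f"[{label}] effective={result.effective} shadowed={result.shadowed} "
              f"urls={result.urls} missing_channel={result.missing_channel}")
```

Run against a checkout, `audit_security_policy(".", "https://hackerone.com/slack")` gives a one-line answer to "which policy is live and does it point where we intend"; wiring it into CI catches a future bot commit before it becomes the effective policy again.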
@codecov

codecov Bot commented Jun 19, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.68%. Comparing base (3e741bf) to head (4ce6b4f).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #597      +/-   ##
==========================================
+ Coverage   71.65%   71.68%   +0.03%     
==========================================
  Files         226      226              
  Lines       19176    19176              
==========================================
+ Hits        13740    13746       +6     
+ Misses       4224     4220       -4     
+ Partials     1212     1210       -2     


@WilliamBergamin WilliamBergamin self-assigned this Jun 19, 2026
@WilliamBergamin WilliamBergamin added docs M-T: Documentation work only security Use on pull requests related to security labels Jun 19, 2026
@WilliamBergamin WilliamBergamin marked this pull request as ready for review June 19, 2026 19:00
@WilliamBergamin WilliamBergamin requested a review from a team as a code owner June 19, 2026 19:00

@zimeg zimeg left a comment

Member


@WilliamBergamin Thanks for combining these into a more descriptive page! 📠 ✨

@WilliamBergamin WilliamBergamin enabled auto-merge (squash) June 19, 2026 19:43
@WilliamBergamin WilliamBergamin merged commit 2851328 into main Jun 19, 2026
10 checks passed
@WilliamBergamin WilliamBergamin deleted the restore-security-policy branch June 19, 2026 19:46