From 13ef39acd65271bab6208a6e7ef33a891d28b873 Mon Sep 17 00:00:00 2001 From: CrashOverrid3 Date: Thu, 1 Feb 2024 19:35:41 -0800 Subject: [PATCH 1/2] security md --- security.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 security.md diff --git a/security.md b/security.md new file mode 100644 index 000000000..29c2c0761 --- /dev/null +++ b/security.md @@ -0,0 +1,8 @@ +# Reporting Security Issues + +The Kaspa team and community take security bugs in Kaspa seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"] tab. + +The Kaspa team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. + From ff51b5a16a7eeb8473f7e82709eff2cd5e8bf2b3 Mon Sep 17 00:00:00 2001 From: CrashOverrid3 Date: Sun, 16 Jun 2024 20:11:21 -0700 Subject: [PATCH 2/2] Create dependabot.yml --- .github/dependabot.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..5251d0f38 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "cargo" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly"