Create SECURITY.md for security policy #256

Open
LGLenz wants to merge 1 commit into electron-forge:v6 from LGLenz:patch-1

Conversation

LGLenz commented Mar 22, 2026

Add a security policy document outlining supported versions and vulnerability reporting.

Copilot AI review requested due to automatic review settings March 22, 2026 13:11
Copilot AI left a comment

Pull request overview

Adds a SECURITY.md file intended to define the repository’s security policy (supported versions and how to report vulnerabilities).

Changes:

  • Introduces SECURITY.md with sections for supported versions and vulnerability reporting.

Comment on lines +5 to +6
Use this section to tell people about which versions of your project are
currently being supported with security updates.

Copilot AI Mar 22, 2026

This section still contains the default GitHub template text rather than a project-specific supported-versions policy. Please replace the placeholder guidance with concrete support commitments (e.g., which Electron Forge major/minor lines receive security fixes and for how long).

Comment on lines +10 to +14
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |

Copilot AI Mar 22, 2026

The supported versions table appears to be copied from the default template (e.g., 5.1.x / 4.0.x) and doesn’t match this repo’s documented Electron Forge versions (README references v7.x). Please update the version ranges to reflect the actual supported release lines for this project.

Suggested change
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
| 7.x | :white_check_mark: |
| < 7.0 | :x: |
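
Review bot: The replacement rows `| 7.x | :white_check_mark: |` and `| < 7.0 | :x: |` declare every release below 7.0 unsupported, but this pull request is opened against the `v6` branch. Confirm with the maintainers which release lines actually receive security fixes before adopting these rows, and if the policy file is meant to live on `v6`, state explicitly whether 6.x is covered.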

Comment on lines +17 to +21
Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

Copilot AI Mar 22, 2026

This vulnerability reporting section is still placeholder text. Please specify an actual reporting channel (e.g., GitHub Security Advisories / private email), expected response timelines, and what reporters should include so reports can be triaged effectively.
