Add a dynamic security workflow and a SECURITY.md file (#12)

We’re committed to protecting our systems, information, and our client’s information. One of the ways we can enforce that in our OS projects is to provide a way to report a Vulnerability. Add a dynamic security workflow that will automatically create PRs to update our Security policies in this repo.
thoughtbot · Jul 19, 2024 · 91d58c5 · 91d58c5
1 parent 2c895b7
commit 91d58c5
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/.github/workflows/dynamic-security.yml b/.github/workflows/dynamic-security.yml
@@ -0,0 +1,19 @@
+name: update-security
+
+on:
+  push:
+    paths:
+      - SECURITY.md
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  update-security:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,2 @@
+<!-- START /templates/security.md -->
+<!-- END /templates/security.md -->
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		<!-- START /templates/security.md -->
		<!-- END /templates/security.md -->