Networks/Reticulum-Go
2
1
Fork 0
Code Issues 4 Pull Requests 1 Actions Packages Projects 1 Releases 1 Wiki Activity

Update SECURITY.md to include Gitea instance for actions, specify CycloneDX for BOM generation, and clarify vulnerability reporting process.

Browse Source
This commit is contained in:
ivan
2025-12-28 21:21:34 -06:00
parent 634ff693de
commit 82523cc7df
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
SECURITY.md
View File

@@ -1,14 +1,13 @@
# Security Policy
We use [Socket](https://socket.dev/), [Deepsource](https://deepsource.com/), CodeQL Advanced and [gosec](https://github.com/securego/gosec) for this project.
## Supply Chain Security
- All actions are pinned to a full-length commit hash.
- All actions are pinned to a full-length commit hash and have been forked to my Gitea instance in https://git.quad4.io/actions
- BOM generation using CycloneDX
## Cryptography Dependencies
- golang.org/x/crypto for core cryptographic primitives
- golang.org/x/crypto `v0.46.0` for core cryptographic primitives
- hkdf
- curve25519
@@ -22,4 +21,4 @@ We use [Socket](https://socket.dev/), [Deepsource](https://deepsource.com/), Cod
## Reporting a Vulnerability
Please report any security vulnerabilities using Github reporting tool or email to [rns@quad4.io](mailto:rns@quad4.io)
Refer to [https://quad4.io/security](https://quad4.io/security) for how to report vulnerabilities.