-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: dependencies review and security details
- Loading branch information
1 parent
bb0021c
commit 8555de8
Showing
2 changed files
with
22 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| name: 'Dependency Review' | ||
| on: [pull_request] | ||
|
|
||
| # Declare default permissions as read only. | ||
| permissions: read-all | ||
|
|
||
| jobs: | ||
| dependency-review: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| pull-requests: write | ||
| steps: | ||
| - name: 'Checkout Repository' | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
|
|
||
| - name: 'Dependency Review' | ||
| uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 | ||
| with: | ||
| fail-on-severity: high | ||
| comment-summary-in-pr: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,9 @@ | ||
| # Reporting Security Issues | ||
| The Rootstock team and community take security bugs in rootstock seriously. Beside this project is out of our Bug Bounty Program scope, we appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. | ||
| ## Responsible Disclosure | ||
| For all security related issues, rootstock-foundry-starterkit has two main points of contact. Reach us at <[email protected]> or use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/rsksmart/rootstock-foundry-starterkit/security/advisories/new) tab. | ||
| For all security related issues, rootstock-foundry-starterkit has two main points of contact. Reach us at <[email protected]> or use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/rsksmart/rsk-wagmi-starter-kit/security/advisories/new) tab. | ||
| The Rootstock team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. | ||
| **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/rootstock-foundry-starterkit/issues). | ||
| **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rsksmart/rsk-wagmi-starter-kit/issues). | ||
| ## Vulnerability Handling | ||
| ### Response Time | ||
| RootstockLabs will make a best effort to meet the following response times for reported vulnerabilities: | ||
|
|
||