ci: add security policy, CodeQL scanning, enable Dependabot

2026-04-03 00:35:42 -05:00 · 2026-04-03 00:35:42 -05:00 · aa38c3797e
commit aa38c3797e
parent 87989b899d
2 changed files with 70 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,39 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+|---------|--------------------|
+| latest  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in WireGUI, please report it responsibly through **GitHub's private vulnerability reporting**:
+
+1. Go to the [Security Advisories](https://github.com/bartei/wiregui/security/advisories) page
+2. Click **"Report a vulnerability"**
+3. Fill in the details of the vulnerability
+
+Please **do not** open a public issue for security vulnerabilities.
+
+## What to Expect
+
+- You will receive an acknowledgment within **48 hours**
+- We will provide a timeline for a fix within **7 days**
+- Security patches will be released as soon as possible
+
+## Scope
+
+The following are in scope for security reports:
+
+- Authentication and authorization bypasses
+- SQL injection, XSS, CSRF, or other injection vulnerabilities
+- WireGuard configuration issues that could expose private keys
+- API token or session handling flaws
+- Privilege escalation between user roles
+
+## Out of Scope
+
+- Denial of service (DoS) attacks
+- Issues in third-party dependencies (report these upstream)
+- Social engineering attacks