SECURITY.md

## Security and Disclosure Information Policy for the RamaLama Project

## Reporting Security Vulnerabilities

If you discover a security vulnerability in RamaLama, please report it through GitHub's Security Advisory system. This allows us to coordinate a fix and disclosure process that protects users.

Please DO NOT report the issue publicly via the GitHub issue tracker,
mailing list, or IRC.  Please do **not** create a public issue.

### How to Report

1. Go to [our security advisory page](https://github.com/containers/ramalama/security/advisories/new) to privately report the vulnerability.
2. Provide detailed information about the vulnerability, including:
   - Description of the issue
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if available)

Your report will be reviewed by the maintainers, and we will work with you to understand and address the issue promptly.

### What to Expect

- **Acknowledgment**: We will acknowledge receipt of your vulnerability report within 48 hours
- **Updates**: We will keep you informed about our progress in addressing the vulnerability
- **Credit**: We will credit you for the discovery when we publish the fix (unless you prefer to remain anonymous)

Thank you for helping keep RamaLama and its users secure!
Add communicy documents Update CONTRIBUTING.md Create CODE-OF-CONDUCT.md Create SECURITY.md Replaces: https://github.com/containers/ramalama/pull/737 Originally written by caradelia (Cara Delia) Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> 2025-02-04 14:48:36 -05:00			`## Security and Disclosure Information Policy for the RamaLama Project`

Update SECURITY.md. Use github issues for security vulnerabilities Fixes: https://github.com/containers/ramalama/issues/2063 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> 2025-10-29 14:55:01 -04:00			`## Reporting Security Vulnerabilities`

			`If you discover a security vulnerability in RamaLama, please report it through GitHub's Security Advisory system. This allows us to coordinate a fix and disclosure process that protects users.`

			`Please DO NOT report the issue publicly via the GitHub issue tracker,`
			`mailing list, or IRC. Please do not create a public issue.`

			`### How to Report`

			`1. Go to [our security advisory page](https://github.com/containers/ramalama/security/advisories/new) to privately report the vulnerability.`
			`2. Provide detailed information about the vulnerability, including:`
			`- Description of the issue`
			`- Steps to reproduce`
			`- Potential impact`
			`- Suggested fix (if available)`

			`Your report will be reviewed by the maintainers, and we will work with you to understand and address the issue promptly.`

			`### What to Expect`

			`- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours`
			`- Updates: We will keep you informed about our progress in addressing the vulnerability`
			`- Credit: We will credit you for the discovery when we publish the fix (unless you prefer to remain anonymous)`

			`Thank you for helping keep RamaLama and its users secure!`