docs: add SECURITY.md vulnerability reporting policy#452
docs: add SECURITY.md vulnerability reporting policy#452shamilsj2025aids wants to merge 7 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Adds a project-level security policy (SECURITY.md) describing supported versions and a vulnerability reporting / disclosure process. The PR also includes several unrelated runtime and container/dependency changes.
Changes:
- Adds
SECURITY.mdvulnerability reporting policy and response timeline. - Updates README intro blurb.
- Modifies Django view behavior and adjusts container/dependency setup (removes
psycopg2and removesdnsutilsinstall from Dockerfile).
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| requirements.txt | Removes psycopg2 dependency. |
| introduction/views.py | Fixes missing return in crypto_failure; changes error() to render a template. |
| SECURITY.md | Adds vulnerability reporting policy and supported versions section. |
| README.md | Rewrites the short project description sentence(s). |
| Dockerfile | Removes apt-installed OS packages previously used for labs and builds. |
Comments suppressed due to low confidence (1)
Dockerfile:12
- This hunk removes installation of
dnsutils, but the app callsdig/nslookup(e.g., incmd_labfor the command injection lab). Withoutdnsutilsin the image, those labs will fail at runtime withcommand not found. Please keep installingdnsutils(or adjust the lab implementation to use a tool guaranteed to exist in the base image).
# set work directory
WORKDIR /app
# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| def error(request): | ||
| return | ||
| return render(request, 'introduction/error.html') |
There was a problem hiding this comment.
This view now renders introduction/error.html, but that template doesn't exist in the repo (no introduction/templates/introduction/error.html), so this will raise TemplateDoesNotExist and still 500. Either add the template or change this to render an existing template / intentionally return an HttpResponseServerError if the goal is to trigger an error lab.
| | Version | Supported | | ||
| |---------|-----------| | ||
| | latest (main) | ✅ | | ||
| | older releases | ❌ | |
There was a problem hiding this comment.
The Markdown table syntax here uses double leading pipes (|| ... |), which renders as an extra empty column (or may not render as intended). Use standard table syntax with single leading pipes (e.g., | Version | Supported |) so the Supported Versions section displays correctly on GitHub.
What this PR does
Adds a SECURITY.md file to establish a formal vulnerability reporting policy for the project.
Changes
Closes #421