Skip to content

docs: add SECURITY.md vulnerability reporting policy#452

Open
shamilsj2025aids wants to merge 7 commits into
adeyosemanputra:masterfrom
shamilsj2025aids:docs/add-security-policy
Open

docs: add SECURITY.md vulnerability reporting policy#452
shamilsj2025aids wants to merge 7 commits into
adeyosemanputra:masterfrom
shamilsj2025aids:docs/add-security-policy

Conversation

@shamilsj2025aids

Copy link
Copy Markdown

What this PR does

Adds a SECURITY.md file to establish a formal vulnerability reporting policy for the project.

Changes

  • Documents supported versions
  • Provides clear instructions for reporting unintended vulnerabilities
  • Includes response timeline expectations
  • Outlines responsible disclosure policy

Closes #421

Copilot AI review requested due to automatic review settings March 24, 2026 06:10

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a project-level security policy (SECURITY.md) describing supported versions and a vulnerability reporting / disclosure process. The PR also includes several unrelated runtime and container/dependency changes.

Changes:

  • Adds SECURITY.md vulnerability reporting policy and response timeline.
  • Updates README intro blurb.
  • Modifies Django view behavior and adjusts container/dependency setup (removes psycopg2 and removes dnsutils install from Dockerfile).

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
requirements.txt Removes psycopg2 dependency.
introduction/views.py Fixes missing return in crypto_failure; changes error() to render a template.
SECURITY.md Adds vulnerability reporting policy and supported versions section.
README.md Rewrites the short project description sentence(s).
Dockerfile Removes apt-installed OS packages previously used for labs and builds.
Comments suppressed due to low confidence (1)

Dockerfile:12

  • This hunk removes installation of dnsutils, but the app calls dig/nslookup (e.g., in cmd_lab for the command injection lab). Without dnsutils in the image, those labs will fail at runtime with command not found. Please keep installing dnsutils (or adjust the lab implementation to use a tool guaranteed to exist in the base image).
# set work directory
WORKDIR /app




# Set environment variables
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread introduction/views.py Outdated

def error(request):
return
return render(request, 'introduction/error.html')

Copilot AI Mar 24, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This view now renders introduction/error.html, but that template doesn't exist in the repo (no introduction/templates/introduction/error.html), so this will raise TemplateDoesNotExist and still 500. Either add the template or change this to render an existing template / intentionally return an HttpResponseServerError if the goal is to trigger an error lab.

Copilot uses AI. Check for mistakes.
Comment thread SECURITY.md
Comment on lines +8 to +11
| Version | Supported |
|---------|-----------|
| latest (main) | ✅ |
| older releases | ❌ |

Copilot AI Mar 24, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Markdown table syntax here uses double leading pipes (|| ... |), which renders as an extra empty column (or may not render as intended). Use standard table syntax with single leading pipes (e.g., | Version | Supported |) so the Supported Versions section displays correctly on GitHub.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add proper SECURITY.md policy for vulnerability reporting

3 participants