chore: configure security policy (#3)

rdhar · web-flow · commit 4119caae55c4 · 2025-06-07T15:51:13.000+01:00
Signed-off-by: Rishav Dhar &lt;19497993+rdhar@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -1,2 +1,46 @@
-# Inference-Request
-Run an inference request to GitHub Models via GitHub Actions.
+[![GitHub license](https://img.shields.io/github/license/op5dev/inference-request?logo=apache&label=License)](LICENSE "Apache License 2.0.")
+[![GitHub release tag](https://img.shields.io/github/v/release/op5dev/inference-request?logo=semanticrelease&label=Release)](https://github.com/op5dev/inference-request/releases "View all releases.")
+*
+[![GitHub repository stargazers](https://img.shields.io/github/stars/op5dev/inference-request)](https://github.com/op5dev/inference-request "Become a stargazer.")
+
+# Inference Request via GitHub Action
+
+> [!TIP]
+> Run an inference request to GitHub Models via GitHub Action.
+
+</br>
+
+## Usage Examples
+
+</br>
+
+## Security
+
+View [security policy and reporting instructions](SECURITY.md).
+
+> [!TIP]
+>
+> Pin your GitHub Action to a [commit SHA](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions "Security hardening for GitHub Actions.") to harden your CI/CD pipeline security against supply chain attacks.
+
+</br>
+
+## Changelog
+
+View [all notable changes](https://github.com/op5dev/inference-request/releases "Releases.") to this project in [Keep a Changelog](https://keepachangelog.com "Keep a Changelog.") format, which adheres to [Semantic Versioning](https://semver.org "Semantic Versioning.").
+
+> [!TIP]
+>
+> All forms of **contribution are very welcome** and deeply appreciated for fostering open-source projects.
+>
+> - [Create a PR](https://github.com/op5dev/inference-request/pulls "Create a pull request.") to contribute changes you'd like to see.
+> - [Raise an issue](https://github.com/op5dev/inference-request/issues "Raise an issue.") to propose changes or report unexpected behavior.
+> - [Open a discussion](https://github.com/op5dev/inference-request/discussions "Open a discussion.") to discuss broader topics or questions.
+> - [Become a stargazer](https://github.com/op5dev/inference-request/stargazers "Become a stargazer.") if you find this project useful.
+
+</br>
+
+## License
+
+- This project is licensed under the **permissive** [Apache License 2.0](LICENSE "Apache License 2.0.").
+- All works herein are my own, shared of my own volition, and [contributors](https://github.com/op5dev/inference-request/graphs/contributors "Contributors.").
+- Copyright 2016-present [Rishav Dhar](https://github.com/rdhar "Rishav Dhar's GitHub profile.") — All wrongs reserved.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+> [!TIP]
+>
+> Pin your GitHub Action to a [commit SHA](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions "Security hardening for GitHub Actions.") to harden your CI/CD pipeline security against supply chain attacks.
+
+</br>
+
+Integrating security in your CI/CD pipeline is critical to practicing DevSecOps. This action aims to be secure by default, and it should be complemented with your own review to ensure it meets your (organization's) security requirements.
+
+## Supported Versions
+
+| Version | Supported |
+| :-----: | :-------: |
+|  v2.x.x  |    Yes    |
+| ≤ v1.x.x |    No     |
+
+## Reporting a Vulnerability
+
+You must never report security related issues, vulnerabilities or bugs including sensitive information to the issue tracker, or elsewhere in public. Instead, sensitive bugs must be sent by email to <contact@OP5.dev> or reported via [Security Advisory](https://github.com/op5dev/inference-request/security/advisories/new "Create a new security advisory.").
