1+ # Security Policy
2+
3+ ## Supported versions
4+
5+ Security fixes are provided for the most recently released version of
6+ Neovolve.Configuration.DependencyInjection published on
7+ [ NuGet] ( https://www.nuget.org/packages/Neovolve.Configuration.DependencyInjection ) .
8+ Please upgrade to the latest release before reporting a vulnerability.
9+
10+ ## Reporting a vulnerability
11+
12+ Please do ** not** report security vulnerabilities through public GitHub issues,
13+ discussions, or pull requests.
14+
15+ Instead, report them privately using GitHub's
16+ [ private vulnerability reporting] ( https://github.com/roryprimrose/Neovolve.Configuration.DependencyInjection/security/advisories/new ) .
17+ This opens a confidential advisory that only the maintainers can see.
18+
19+ When reporting, please include as much of the following as you can:
20+
21+ - The affected version(s) and target framework.
22+ - A description of the vulnerability and its impact.
23+ - Steps to reproduce, ideally a minimal reproducer or failing test.
24+ - Any known workarounds.
25+
26+ ## What to expect
27+
28+ This is a community-maintained open source project without a dedicated 24/7
29+ response team, so please allow a reasonable amount of time for an initial
30+ response. We will acknowledge your report, work with you to understand and
31+ validate the issue, and coordinate the disclosure timeline with you once a fix
32+ is available.
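Review bot: The private reporting link under "Reporting a vulnerability" only resolves if private vulnerability reporting is enabled in the repository's Security settings; if it is not, the URL returns a 404 and the policy leaves a reporter with no fallback channel. Consider confirming the feature is enabled and adding an alternative private contact (for example a maintainer email address) after "This opens a confidential advisory that only the maintainers can see." The "What to expect" section also gives no target for the initial acknowledgement; a stated window, even a generous one, helps reporters decide when to follow up rather than escalate publicly.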
1+ name : Dependency Review
2+
3+ # Reviews dependency changes on pull requests and fails the build if a pull
4+ # request introduces a dependency with a known vulnerability. Requires the
5+ # repository's Dependency Graph to be enabled (on by default for public repos).
6+ on :
7+ pull_request :
8+ branches :
9+ - ' **'
10+
11+ permissions :
12+ contents : read
13+
14+ jobs :
15+ dependency-review :
16+ runs-on : ubuntu-latest
17+ steps :
18+ - name : Checkout
19+ uses : actions/checkout@v7
20+
21+ - name : Dependency Review
22+ uses : actions/dependency-review-action@v4
23+ with :
24+ fail-on-severity : high
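Review bot: Both steps pin to mutable major tags (`actions/checkout@v7`, `actions/dependency-review-action@v4`); for a workflow whose purpose is to gate pull requests on supply-chain risk, pin each `uses:` to a full commit SHA with the version in a trailing comment, so a moved tag upstream cannot silently change what runs in this job. Also, `fail-on-severity : high` means moderate and low advisories pass the check; if that threshold is intentional, state it in the header comment so it is not mistaken for an oversight. The `permissions` block is correctly minimal for the options used here; note that enabling the action's `comment-summary-in-pr` option later would additionally require `pull-requests: write`.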