SECURITY.md
# Security Policy
## Current status
*Quality-time* has not been hardened yet. We advise against running *Quality-time* internet-facing or in an otherwise untrusted environment.
## Software Bill of Materials (SBOM)
Starting with release v4.6.0-rc.4, an SBOM is generated for each release. The [GitHub Actions release workflow](https://github.com/ICTU/quality-time/actions/workflows/release.yml) creates the SBOM for the release, which can be found under the "Artifacts" header of the workflow run.
## Supported versions
Only the latest version of *Quality-time* is currently supported with security updates.
## Reporting a vulnerability
You can privately [report a vulnerability issue in this repository's issue tracker](https://github.com/ICTU/quality-time/security/advisories/new).