Add security policy and configure Dependabot for daily updates

Zingzy · Feb 1, 2025 · 6cf9999 · 6cf9999
1 parent 2f33ba5
commit 6cf9999
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/security.md b/.github/security.md
@@ -0,0 +1,31 @@
+# Security Policy
+
+## Supported Versions
+
+Security fixes are applied to the latest version.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it to us by emailing [[email protected]](mailto:[email protected]). We will respond as quickly as possible to address the issue.
+
+Please include the following details in your report:
+- A description of the vulnerability and its impact.
+- Steps to reproduce the vulnerability.
+- Any potential fixes or mitigations you have identified.
+
+## Security Updates
+
+We will notify users about security updates through our [GitHub repository](https://github.com/pollinations/pollinations) and our [Discord server](https://discord.gg/SFasNG4n6b). Please ensure you are subscribed to notifications to stay informed about important updates.
+
+## Security Best Practices
+
+To ensure the security of your deployment, we recommend the following best practices:
+- Regularly update your dependencies and apply security patches.
+- Use strong, unique passwords for all accounts.
+- Enable two-factor authentication (2FA) where possible.
+- Regularly back up your data and verify the integrity of your backups.
+- Monitor your deployment for suspicious activity and respond promptly to any incidents.
+
+## Contact
+
+If you have any questions or need further assistance, please contact us at [[email protected]](mailto:[email protected]).