Merge pull request #69 from dskrypa/dev

Fixed workflow permissions and added security policy

.github/workflows/codeql-analysis.yml

@@ -5,7 +5,7 @@
 # or to provide custom queries or build logic.
 #
 name: "CodeQL"
-
+permissions: read-all  # Declare default permissions as read only.
 on:
   push:
     branches: ["main"]
@@ -26,8 +26,6 @@ jobs:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
-      actions: read
-      contents: read
       security-events: write
     strategy:
       fail-fast: false

.github/workflows/docs.yml

@@ -1,4 +1,5 @@
 name: Documentation
+permissions: read-all  # Declare default permissions as read only.
 on:
   push:
     branches: ["main"]

.github/workflows/run-tests.yml

@@ -1,6 +1,7 @@
 # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
 name: Test Build
+permissions: read-all  # Declare default permissions as read only.
 on:
   push:
     branches: ["main"]

SECURITY.md

@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+CLI Command Parser uses a rolling release policy with date-based release numbers.
+
+The three most recent releases available in PyPI at any given time are fully supported.
+Older versions are either not supported, or are supported on a best effort basis.
+
+
+## Reporting a Vulnerability
+
+Please use the following page to report any vulnerabilities:
+https://github.com/dskrypa/cli_command_parser/security/advisories