diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 62b5e0ac..6f5465ca 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,7 +5,7 @@
 # or to provide custom queries or build logic.
 #
 name: "CodeQL"
-
+permissions: read-all # Declare default permissions as read only.
 on:
 push:
 branches: ["main"]
@@ -26,8 +26,6 @@ jobs:
 name: Analyze
 runs-on: ubuntu-latest
 permissions:
- actions: read
- contents: read
 security-events: write
 strategy:
 fail-fast: false
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 79a7280e..b2a1cc24 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -1,4 +1,5 @@
 name: Documentation
+permissions: read-all # Declare default permissions as read only.
 on:
 push:
 branches: ["main"]
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 55a9fe1d..0639423a 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -1,6 +1,7 @@
 # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
 name: Test Build
+permissions: read-all # Declare default permissions as read only.
 on:
 push:
 branches: ["main"]
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..9688dba5
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+CLI Command Parser uses a rolling release policy with date-based release numbers.
+
+The three most recent releases available in PyPI at any given time are fully supported.
+Older versions are either not supported, or are supported on a best effort basis.
+
+
+## Reporting a Vulnerability
+
+Please use the following page to report any vulnerabilities:
+https://github.com/dskrypa/cli_command_parser/security/advisories
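Review bot: The new `permissions: read-all` line in codeql-analysis.yml is broader than the accompanying comment suggests: it grants the job token read access on every scope, whereas a workflow whose steps only check out the repository needs just `contents: read`. The identical line is added to docs.yml and run-tests.yml in the later hunks, so the same consideration applies there; the step lists that would confirm what each workflow actually reads start outside these hunks. If none of the jobs need other read scopes, narrowing the workflow-level block to `permissions:` followed by `  contents: read` keeps the token at the minimum the steps use, and a job that needs more (the CodeQL upload) still declares it in its own `permissions` block.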
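Review bot: Removing `actions: read` and `contents: read` from the Analyze job's `permissions:` block does not make the job inherit the new workflow-level `read-all`: a job-level `permissions` block replaces the workflow-level one, and every scope it does not list is set to `none`. After this hunk the job token carries `security-events: write` only, so the checkout and CodeQL steps (which start outside the hunk) run without the two read scopes the CodeQL starter template lists as required, which may fail on a private repository. Keep the lines `actions: read` and `contents: read` alongside `security-events: write` in the job block.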