Skip to content

docs: restore canonical security policy over bot-added SECURITY.md#1897

Merged
WilliamBergamin merged 1 commit into
mainfrom
restore-security-policy
Jun 19, 2026
Merged

docs: restore canonical security policy over bot-added SECURITY.md#1897
WilliamBergamin merged 1 commit into
mainfrom
restore-security-policy

Conversation

@WilliamBergamin

@WilliamBergamin WilliamBergamin commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What & why

The Salesforce OSPO Service Bot committed a top-level SECURITY.md to this repo. But in fact we want to direct reporter to the Slack bug bounty program on HackerOne (https://hackerone.com/slack).

The fix

This PR moves .github/SECURITY.md to the repository root, which:

  • replaces the bot-added SECURITY.md with the maintained policy, and
  • removes the now-redundant .github/SECURITY.md.

@WilliamBergamin
docs: restore canonical security policy
c61ca34 
Move .github/SECURITY.md to the repository root so it replaces the
top-level SECURITY.md added by the Salesforce OSPO Service Bot on
2026-06-02. GitHub resolves security policy with root taking precedence
over .github/, so the bot file had silently shadowed the maintained
policy. This restores the correct reporting channel.

Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com>
@codecov

codecov Bot commented Jun 19, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.14%. Comparing base (ecb8ae9) to head (c61ca34).
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1897   +/-   ##
=======================================
  Coverage   84.14%   84.14%           
=======================================
  Files         117      117           
  Lines       13356    13356           
=======================================
  Hits        11238    11238           
  Misses       2118     2118

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

@WilliamBergamin WilliamBergamin self-assigned this Jun 19, 2026
@WilliamBergamin WilliamBergamin added docs M-T: Documentation work only security labels Jun 19, 2026
@WilliamBergamin WilliamBergamin marked this pull request as ready for review June 19, 2026 19:01
@WilliamBergamin WilliamBergamin requested a review from a team as a code owner June 19, 2026 19:01
zimeg
zimeg approved these changes Jun 19, 2026
View reviewed changes

@zimeg zimeg left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@WilliamBergamin Kind thanks for keeping these visible and current 🔐

@WilliamBergamin WilliamBergamin merged commit e23b181 into main Jun 19, 2026
18 checks passed
@WilliamBergamin WilliamBergamin deleted the restore-security-policy branch June 19, 2026 19:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zimeg zimeg zimeg approved these changes

Assignees

@WilliamBergamin WilliamBergamin

Labels

docs M-T: Documentation work only security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WilliamBergamin @zimeg