feat: new security report page
Node.js CI / Lint and Test (pull_request) Successful in 54s
Security Scan / Security Audit (pull_request) Failing after 5m3s

2025-12-17 20:11:11 -08:00
parent e799dbc453
commit ebb9499aa9
2 changed files with 8 additions and 11 deletions
+1
@@ -286,6 +286,7 @@ This form helps ensure we collect all necessary information to investigate and a
:::
- **Security Vulnerability Report Form** (Preferred): https://forms.nhcarrigan.com/o/docs/forms/wgdbBkS4tjCGoVZTqtmMNx/4
- **Public Security Reports:** View aggregated and sanitized security vulnerability reports for all our products at: https://security.nhcarrigan.com/report/
- Email: security@nhcarrigan.com (for general security questions or if you prefer email)
- Use for:
- Reporting security vulnerabilities
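Review bot: The new "Public Security Reports" entry sits in the list of reporting channels, between the report form and the email address, but it is a place to read published reports, not a way to submit one. Consider moving it below the contact entries or rewording it so it cannot be mistaken for a reporting channel. Its label also puts the colon inside the bold markers (`**Public Security Reports:**`) while the form entry above keeps it outside (`**Security Vulnerability Report Form** (Preferred):`); pick one style for the list.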
+7 -11
@@ -174,7 +174,7 @@ Our standard coordinated disclosure timeline follows this process:
**(c)** **Remediation Period:** Development and deployment of fixes (30-90 days depending on complexity);
**(d)** **Public Disclosure:** Joint announcement of vulnerability and resolution (after fix deployment and reasonable notice period).
**(d)** **Public Disclosure:** Joint announcement of vulnerability and resolution (after fix deployment and reasonable notice period). Aggregated and sanitized vulnerability reports are published at: https://security.nhcarrigan.com/report/
### 4.3. Public Acknowledgement
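Review bot: The sentence appended to step (d) does not say when a report appears on https://security.nhcarrigan.com/report/ relative to the rest of the timeline. Step (d) ties disclosure to "after fix deployment and reasonable notice period", so state explicitly that the aggregated and sanitized reports follow the same condition; otherwise the page can be read as publishing before a fix ships. The item also now ends on a bare URL with no closing punctuation, unlike (c), which ends with a semicolon.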
@@ -388,21 +388,17 @@ We utilise a comprehensive suite of security tools integrated into our developme
### 8.4. Public Security Reporting
:::tip[Heads Up!]{icon=pen}
The policy or policies in this section are still a work in progress. We have not yet implemented the necessary infrastructure to comply with this section.
We are working very hard to get them in place as soon as possible. If you would like to help, consider [applying to join our team!](https://forms.nhcarrigan.com/o/docs/forms/mCxDu3snk9TzFiDjrT4Vc8/4)
:::
We maintain transparency about our security posture through publicly accessible security reports and dashboards:
**(a)** **Quality Dashboard:** Real-time security and quality metrics available;
**(a)** **Security Vulnerability Reports:** Aggregated and sanitized security vulnerability reports for all our products are published at: https://security.nhcarrigan.com/report/
**(b)** **Security Reports:** Comprehensive security scan results published;
**(b)** **Quality Dashboard:** Real-time security and quality metrics available;
**(c)** **Regular Updates:** Weekly scanning cycles ensure up-to-date security information;
**(c)** **Security Reports:** Comprehensive security scan results published;
**(d)** **Trend Analysis:** Historical data tracking to identify and address security trends over time.
**(d)** **Regular Updates:** Weekly scanning cycles ensure up-to-date security information;
**(e)** **Trend Analysis:** Historical data tracking to identify and address security trends over time.
### 8.5. Security Development Lifecycle
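Review bot: If this hunk drops the "work in progress" tip from 8.4 (the section goes from 21 to 17 lines), the section then reads as fully implemented, yet only the new item (a) carries a URL; the Quality Dashboard, Security Reports, Regular Updates and Trend Analysis items still give no location. Either link those items or keep a notice scoped to the ones that are not yet in place. The labels "Security Vulnerability Reports" in (a) and "Security Reports" in (c) are also easy to confuse; a more distinct label for (c), one that mentions scan results, would help.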