Merge pull request #94 from 0xPolygon/security-update

Security update
0xPolygon · Mar 13, 2024 · 9890a83 · 9890a83
2 parents 8eb6ca5 + 32d6122
commit 9890a83
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 0 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @0xPolygon/core-cdk
diff --git a/.github/workflows/security-build.yml b/.github/workflows/security-build.yml
@@ -0,0 +1,22 @@
+name: Security Build
+on:
+  push:
+  workflow_dispatch: {}
+
+jobs:
+  govuln:
+    name: Run govuln check and Publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Running govulncheck
+        uses: Templum/govulncheck-action@v0.0.8
+        continue-on-error: true
+        env:
+          DEBUG: "true"
+        with:
+          go-version: 1.21.x
+          vulncheck-version: latest
+          package: ./...
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fail-on-vuln: true
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Polygon Technology Security Information
+
+## Link to vulnerability disclosure details (Bug Bounty).
+- Websites and Applications: https://hackerone.com/polygon-technology
+- Smart Contracts: https://immunefi.com/bounty/polygon
+
+## Languages that our team speaks and understands.
+Preferred-Languages: en
+
+## Security-related job openings at Polygon.
+https://polygon.technology/careers
+
+## Polygon security contact details.
+security@polygon.technology
+
+## The URL for accessing the security.txt file.
+Canonical: https://polygon.technology/security.txt