From 29a46abecbf944d9d77450b1e22e0ab0f245a82e Mon Sep 17 00:00:00 2001 From: Jann Fischer Date: Wed, 5 Nov 2025 09:39:50 -0500 Subject: [PATCH 1/6] docs: Update SECURITY.md Fixes #597 Signed-off-by: Jann Fischer --- SECURITY.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 977f2f1d..6b3622c0 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,13 +1,23 @@ -# Security Policy +# Security Policy for argocd-agent -The `argocd-agent` project is not ready for production yet. However, we do appreciate people fixing security issues in the code. +Policy version 1.0 (2025/11/05) -At this point in time, that means prior to GA or close to that, we will neither issue CVEs nor security advisories for discovered and fixed security issues. However, we will mention issues in release notes and we are happy to credit people who helped out. +## Preface + +The `argocd-agent` project takes security very serious, and we are commited to continuously work on improving the security of the project. ## Supported Versions -We do not have a support matrix yet. We do plan to follow the support matrix of Argo CD. +Only the most recent minor release (e.g. 1.0 or 1.1) will receive security fixes for the time being, and no back-ports will be made. ## Reporting a Vulnerability -Right now, please feel free to raise a GitHub issue and/or a PR with a fix for any vulnerability you come across. +If you find a security vulnerability in the argocd-agent code, we appreciate your responsible disclosure to us. + +Please report vulnerabilities confidentially using GitHub's private security issue feature. You can create such a confidential vulnerability report [here](https://github.com/argoproj-labs/argocd-agent/security/advisories/new). + +We will do our best to react quickly on your inquiry, and to coordinate a fix and disclosure with you. Sometimes, it might take a little longer for us to react (e.g. out of office conditions), so please bear with us in these cases. + +We will publish security advisories using the GitHub Security Advisories feature, which includes issuing a CVE, to keep our community well-informed, and will credit you for your findings (unless you prefer to stay anonymous, of course). 
+ +Please DO NOT report already known issues (for example, already issued CVEs in base images or dependencies) using GitHub's security advisories feature. In these cases, please open a normal GitHub issue (bug). Since these issues are already known, there is no reason to keep them confidential. From 1acada23e6cc81e62bfc2adc2354d932ad460dcb Mon Sep 17 00:00:00 2001 From: Jann Fischer Date: Wed, 5 Nov 2025 10:00:35 -0500 Subject: [PATCH 2/6] Update SECURITY.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Jann Fischer --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 6b3622c0..3f07195e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ Policy version 1.0 (2025/11/05) ## Preface -The `argocd-agent` project takes security very serious, and we are commited to continuously work on improving the security of the project. +The `argocd-agent` project takes security very serious, and we are committed to continuously work on improving the security of the project. ## Supported Versions From 748e431eec60768139db858fb6e36caafa74bf3c Mon Sep 17 00:00:00 2001 From: Jann Fischer Date: Wed, 5 Nov 2025 10:23:38 -0500 Subject: [PATCH 3/6] Update SECURITY.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Jann Fischer --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 3f07195e..0c4ee43f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ Policy version 1.0 (2025/11/05) ## Preface -The `argocd-agent` project takes security very serious, and we are committed to continuously work on improving the security of the project. +The `argocd-agent` project takes security very serious, and we are committed to continuously working on improving the security of the project. ## Supported Versions 
From 892b18d180c060b1bfc5e7e340cc49c58082f07a Mon Sep 17 00:00:00 2001 From: Jann Fischer Date: Wed, 5 Nov 2025 10:59:24 -0500 Subject: [PATCH 4/6] Update SECURITY.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Jann Fischer --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 0c4ee43f..2883384a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,7 +14,7 @@ Only the most recent minor release (e.g. 1.0 or 1.1) will receive security fixes If you find a security vulnerability in the argocd-agent code, we appreciate your responsible disclosure to us. -Please report vulnerabilities confidentially using GitHub's private security issue feature. You can create such a confidential vulnerability report [here](https://github.com/argoproj-labs/argocd-agent/security/advisories/new). +Please report vulnerabilities confidentially using GitHub's private security issue feature. You can [create a confidential security advisory](https://github.com/argoproj-labs/argocd-agent/security/advisories/new). We will do our best to react quickly on your inquiry, and to coordinate a fix and disclosure with you. Sometimes, it might take a little longer for us to react (e.g. out of office conditions), so please bear with us in these cases. From f1bd8afb172237157f3f0cef5c97ec486256cb6d Mon Sep 17 00:00:00 2001 From: "coderabbitai[bot]" <136622811+coderabbitai[bot]@users.noreply.github.com> Date: Wed, 5 Nov 2025 16:01:56 +0000 Subject: [PATCH 5/6] =?UTF-8?q?=F0=9F=93=9D=20CodeRabbit=20Chat:=20Update?= =?UTF-8?q?=20SECURITY.md=20with=20link=20formatting=20and=20hyphenation?= =?UTF-8?q?=20fixes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2883384a..265d5f63 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -8,16 +8,16 @@ The `argocd-agent` project takes security very serious, and we are committed to ## Supported Versions -Only the most recent minor release (e.g. 1.0 or 1.1) will receive security fixes for the time being, and no back-ports will be made. +Only the most recent minor version (e.g. 1.0 or 1.1) will receive security fixes, and no back-ports will be made. ## Reporting a Vulnerability If you find a security vulnerability in the argocd-agent code, we appreciate your responsible disclosure to us. -Please report vulnerabilities confidentially using GitHub's private security issue feature. You can [create a confidential security advisory](https://github.com/argoproj-labs/argocd-agent/security/advisories/new). +Please report vulnerabilities confidentially using GitHub's private security issue feature. You can [create a confidential vulnerability report](https://github.com/argoproj-labs/argocd-agent/security/advisories/new). -We will do our best to react quickly on your inquiry, and to coordinate a fix and disclosure with you. Sometimes, it might take a little longer for us to react (e.g. out of office conditions), so please bear with us in these cases. +We will do our best to react quickly on your inquiry, and to coordinate a fix and disclosure with you. Sometimes, it might take a little longer for us to react (e.g. out-of-office conditions), so please bear with us in these cases. We will publish security advisories using the GitHub Security Advisories feature, which includes issuing a CVE, to keep our community well-informed, and will credit you for your findings (unless you prefer to stay anonymous, of course). -Please DO NOT report already known issues (for example, already issued CVEs in base images or dependencies) using GitHub's security advisories feature. In these cases, please open a normal GitHub issue (bug). Since these issues are already known, there is no reason to keep them confidential. 
+Please DO NOT report already known issues (for example, already issued CVEs in base images or dependencies) using GitHub's security advisories feature. In these cases, please open a normal GitHub issue (bug). Since these issues are already known, there is no reason to keep them confidential. \ No newline at end of file From 61dc6c3ec1cda3c9b98386adb0ee04d621b60840 Mon Sep 17 00:00:00 2001 From: Jann Fischer Date: Wed, 5 Nov 2025 11:12:23 -0500 Subject: [PATCH 6/6] Update SECURITY.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Jann Fischer --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 265d5f63..9135c6aa 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,7 @@ Policy version 1.0 (2025/11/05) ## Preface -The `argocd-agent` project takes security very serious, and we are committed to continuously working on improving the security of the project. +The `argocd-agent` project takes security very seriously, and we are committed to continuously working on improving the security of the project. ## Supported Versions
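Review bot: In the `@@ -1,13 +1,23 @@` hunk of patch 1/6, the rewritten "Reporting a Vulnerability" section names GitHub's private advisory form as the only reporting channel, so a reporter without a GitHub account (or one who finds the feature disabled on the repository) has no way to reach the maintainers; consider adding a second contact path, such as a security mailbox, marked as the fallback. The same hunk's Preface line, `+The `argocd-agent` project takes security very serious, and we are commited to continuously work on improving the security of the project.`, carries three wording defects (serious/seriously, commited/committed, work/working) that patches 2/6, 3/6 and 6/6 each fix one at a time; folding them into this commit would make 1/6 a single clean docs change. The new Supported Versions line also leaves open which patch level of "the most recent minor release" receives fixes; saying that fixes ship in the next patch release of that minor would remove the ambiguity.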
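Review bot: The `@@ -4,7 +4,7 @@` hunks in patches 2/6, 3/6 and 6/6 each change a single word of the same Preface sentence (commited to committed, work to working, serious to seriously), so three fixup commits touch one line and neither intermediate state reads correctly ("takes security very serious" survives until 6/6). Squash these into 1/6 before merge so the series carries one coherent change rather than a visible edit-and-correct history.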
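Review bot: The link text in the reporting paragraph flips between commits: patch 4/6 (`@@ -14,7 +14,7 @@`) changes "here" to "create a confidential security advisory", and patch 5/6 (`@@ -8,16 +8,16 @@`) changes it again to "create a confidential vulnerability report". Pick one wording and land it once; the 5/6 phrasing matches what a reporter sees on GitHub, where the feature is called private vulnerability reporting, while "security advisory" is the maintainers' published artefact mentioned two paragraphs later. Separately, the target `https://github.com/argoproj-labs/argocd-agent/security/advisories/new` only accepts reports from non-maintainers when private vulnerability reporting is switched on in the repository's security settings, so please confirm it is enabled before this policy is published, otherwise the document's sole reporting channel does not work.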
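Review bot: The last `+` line of the `@@ -8,16 +8,16 @@` hunk in patch 5/6 is followed by `\ No newline at end of file`, so this commit writes SECURITY.md without a trailing newline. Add the newline so the file is POSIX-clean and the next edit to the final paragraph does not show up as a spurious change to an otherwise untouched line.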