diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index f4290e3ae01..5d9b5440fcc 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -17,10 +17,10 @@ jobs: node-version: [18.x] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: 'yarn'
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 35890c3d48f..def88c0bacc 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -19,9 +19,9 @@ jobs: # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} cache: 'npm'
diff --git a/README.md b/README.md
index efa3d4fc42e..1d516b4e94c 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,8 @@ Base is a secure, low-cost, developer-friendly Ethereum L2 built to bring the next billion users onchain. It's built on Optimism's open-source [OP Stack](https://stack.optimism.io/). +![Node.js CI](https://github.com/AdekunleBamz/web/actions/workflows/node.js.yml/badge.svg) + [![GitHub contributors](https://img.shields.io/github/contributors/base/web)](https://github.com/base/web/graphs/contributors)
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..4b95b8c15cd
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,74 @@
+# Security Policy
+
+## Supported Versions
+
+We take security seriously. This section outlines which versions of our project are currently supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 1.0.x | :white_check_mark: |
+| < 1.0 | :x: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly. We appreciate your help in keeping our users safe.
+
+### How to Report
+
+1. **Do not** create a public GitHub issue for the vulnerability
+2. Email security concerns to: [INSERT CONTACT EMAIL] (replace with actual contact)
+3. Provide detailed information about the vulnerability:
+ - Description of the issue
+ - Steps to reproduce
+ - Potential impact
+ - Any suggested fixes
+
+### What to Expect
+
+- **Acknowledgment**: We'll acknowledge receipt of your report within 48 hours
+- **Investigation**: We'll investigate the issue and keep you updated on our progress
+- **Resolution**: We'll work to resolve the issue as quickly as possible
+- **Disclosure**: Once fixed, we'll coordinate disclosure with you
+
+### Responsible Disclosure
+
+We follow responsible disclosure practices:
+- We'll give you credit for the discovery (if you wish)
+- We'll keep you informed throughout the process
+- We won't disclose details until a fix is available
+
+## Security Best Practices
+
+When using this project, please follow these security best practices:
+
+### For Users
+- Keep dependencies updated
+- Use strong, unique passwords
+- Enable two-factor authentication where available
+- Monitor for suspicious activity
+
+### For Contributors
+- Run security scans on code changes
+- Follow secure coding practices
+- Test for common vulnerabilities (OWASP Top 10)
+- Use dependency scanning tools
+
+## Known Security Considerations
+
+- This project handles user data and authentication - ensure proper validation
+- Web applications are susceptible to common attacks like XSS, CSRF
+API endpoints should validate inputs thoroughly
+- Use HTTPS in production environments
+
+## Security Updates
+
+Security updates will be released as patch versions with the following naming convention:
+- `MAJOR.MINOR.PATCH` where PATCH includes security fixes
+
+## Contact
+
+For security-related questions or concerns:
+- Email: [INSERT CONTACT EMAIL]
+- GitHub Security Advisories: Enable in repository settings
+
+Thank you for helping keep our project secure!
\ No newline at end of file