
Conversation

@misrasaurabh1 (Contributor) commented Aug 7, 2025

PR Type

Documentation


Description

  • Add SECURITY.md outlining vulnerability policy

  • Define supported versions commitment

  • Specify vulnerability reporting channels

  • Describe acknowledgment and advisory process


File Walkthrough

Relevant files

Documentation: SECURITY.md (+19/-0) - Add security vulnerability disclosure policy

  • Created new SECURITY.md file
  • Outlines supported versions policy
  • Provides reporting procedures and contacts
  • Details acknowledgment and advisory process

@misrasaurabh1 misrasaurabh1 merged commit 9e12e94 into main Aug 7, 2025
18 of 19 checks passed
github-actions bot commented Aug 7, 2025

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Version Support Clarity

The policy commits to fixing security issues only for the latest client version without specifying which past versions are supported or for how long. Clarify the supported versions and maintenance window for security fixes.

Since Codeflash is moving quickly, we can only commit to fixing security issues for the latest version of codeflash client.
If a vulnerability is discovered in our backend, we will release the fix for all the users.

Response Timeframes

The document states acknowledgements will be immediate and fixes “as soon as we can” but lacks clear SLAs or timelines for response and remediation. Consider defining specific acknowledgement and resolution timeframes.

We commit to acknowledging vulnerability reports immediately, and will work to fix active vulnerabilities as soon as we can. We will publish resolved vulnerabilities in the form of security advisories on our GitHub security page. Critical incidents will be communicated both on the GitHub security page and via email to all affected users.

github-actions bot commented Aug 7, 2025

PR Code Suggestions ✨

No code suggestions found for the PR.
