Commit b8f15f4

committed
Repo-restructure
1 parent 0786b17 commit b8f15f4

2 files changed

+40
-0
lines changed

AgentFrameworkToolkit.slnx

Lines changed: 1 addition & 0 deletions
@@ -16,6 +16,7 @@
1616
<File Path="CHANGELOG.md" />
1717
<File Path="CONTRIBUTING.md" />
1818
<File Path="README.md" />
19+
<File Path="SECURITY.md" />
1920
<File Path="src/.editorconfig" />
2021
<File Path="Directory.Build.props" />
2122
<File Path="Directory.Build.targets" />

SECURITY.md

Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
AgentFramework Toolkit ships coordinated releases for all NuGet packages. Only the most recent preview/release published from the `main` branch receives security updates. If you're running an older version, plan to upgrade before requesting a fix.
6+
7+
## Reporting a Vulnerability
8+
9+
1. **Do not** open a public GitHub issue for security problems.
10+
2. Submit a private report via the GitHub security advisory form: https://github.com/rwjdk/AgentFrameworkToolkit/security/advisories/new
11+
3. Include:
12+
- A clear description of the issue and why it is a vulnerability.
13+
- Steps to reproduce (including sample code, environment details, and configuration values where possible).
14+
- The impact/severity you believe the issue has.
15+
- Any suggested mitigations.
16+
17+
If you need encrypted communication, mention it in the report and a maintainer will respond with PGP details.
18+
19+
## Response Process
20+
21+
1. You’ll receive an acknowledgment within 3 business days.
22+
2. The maintainers will investigate, reproduce, and classify the report.
23+
3. A coordinated fix will be developed and tested using the same pipeline defined in `.github/workflows/Build.yml`.
24+
4. A patched release will be published and the advisory will be updated before public disclosure.
25+
26+
## Coordinated Disclosure
27+
28+
We follow responsible disclosure practices:
29+
30+
- You will be credited (if desired) once the fix is released.
31+
- Please do not publicly disclose the vulnerability before the maintainers complete remediation or give you permission.
32+
33+
## Hardening Guidelines
34+
35+
- Keep dependencies up to date via `Directory.Packages.props`.
36+
- Run the full `dotnet build`/`dotnet test` workflow locally before submitting PRs.
37+
- Rotate API keys used in `development/Secrets` regularly and avoid committing secrets to the repository.
38+
39+
Thank you for helping keep AgentFramework Toolkit secure!***
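Review bot: the closing line of this hunk, `Thank you for helping keep AgentFramework Toolkit secure!***`, carries a stray `***` that Markdown will render either as literal asterisks or as an unterminated emphasis marker; drop it. Two smaller points on the reporting section: the policy promises PGP details on request, so publishing the key fingerprint (or a link to it) in this file would let reporters verify the key out of band instead of trusting the reply to their first message; and the Response Process gives an acknowledgment target of 3 business days but no target for a fix or a disclosure window, which reporters usually need in order to plan their own disclosure timing. In Hardening Guidelines, the line `Rotate API keys used in \`development/Secrets\` regularly and avoid committing secrets to the repository.` names a directory that holds secrets; confirm that path is covered by the repository's ignore rules and say so here, so contributors can tell which paths must never be committed.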
