Security Improvements Needed
Hey there! I noticed a couple of security gaps in the repo:
- No branch protection on 'master'
  - OSSF Scorecard flagged this as a warning
  - Leaves the main branch vulnerable to unwanted changes
- Missing SECURITY.md file
  - No clear guidance on handling security issues
  - Makes it tough for people to report vulnerabilities properly
Suggestions:
- Enable branch protection for 'master' (PR reviews, status checks, etc.)
- Add a SECURITY.md with basics like:
  - How to report issues
  - Response timeframes
  - Supported versions
Happy to provide more details if needed.
Thanks for considering!
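
One way to check the branch-protection suggestion above, as an added example that is not part of the original issue or the repository's code: it audits the JSON that GitHub's REST API returns for `GET /repos/{owner}/{repo}/branches/master/protection`. The sample response is constructed, and the function name and finding texts are assumptions made for illustration.

```python
import json

# Constructed sample: shape of a GitHub REST response for
# GET /repos/{owner}/{repo}/branches/master/protection (values are made up).
SAMPLE_PROTECTION = json.loads("""
{
  "required_pull_request_reviews": {
    "required_approving_review_count": 0,
    "dismiss_stale_reviews": false
  },
  "required_status_checks": {"strict": true, "contexts": []},
  "enforce_admins": {"enabled": false},
  "allow_force_pushes": {"enabled": true},
  "allow_deletions": {"enabled": false}
}
""")


def audit_branch_protection(protection):
    """Return a list of findings; an empty list means every check passed."""
    # The API answers 404 for an unprotected branch; callers pass None here.
    if not protection:
        return ["branch has no protection rule at all"]
    findings = []
    reviews = protection.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        findings.append("no approving PR review required")
    if not reviews.get("dismiss_stale_reviews", False):
        findings.append("stale approvals survive new pushes")
    checks = protection.get("required_status_checks") or {}
    if not checks.get("contexts"):
        findings.append("no required status checks")
    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        findings.append("admins can bypass the rule")
    if (protection.get("allow_force_pushes") or {}).get("enabled", False):
        findings.append("force pushes allowed")
    if (protection.get("allow_deletions") or {}).get("enabled", False):
        findings.append("branch deletion allowed")
    return findings


if __name__ == "__main__":
    for finding in audit_branch_protection(SAMPLE_PROTECTION):
        print("WARN:", finding)
```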