Skip to content

docs: add security policy (SECURITY.md)#593

Open
Reid-n0rc wants to merge 1 commit into
patrickrb:devfrom
Reid-n0rc:docs/security-policy
Open

docs: add security policy (SECURITY.md)#593
Reid-n0rc wants to merge 1 commit into
patrickrb:devfrom
Reid-n0rc:docs/security-policy

Conversation

@Reid-n0rc

Copy link
Copy Markdown
Collaborator

Adds a root-level SECURITY.md security policy for the project.

What

  • Supported platforms table covering all flavors: Android (ft8af/), desktop for Windows/macOS/Linux (desktop/, Tauri + bundled Hamlib), and iOS (ios/).
  • Private reporting via GitHub security advisories, with k1af@ft8af.app as the fallback contact — explicitly not public issues or Discord.
  • Scope across platforms: untrusted RF/decoded input in the native ft8_lib/JNI DSP path, CAT/audio handling & the direct-libusb path, desktop Hamlib rig control, the Tauri/Rust IPC surface, and logging-service credentials (Cloudlog, QRZ).
  • Upstream coordination note for the vendored ft8_lib DSP core and bundled Hamlib.

Notes

  • For the "Report a vulnerability" button to appear, enable Private vulnerability reporting in repo Settings → Security.
  • GitHub surfaces the policy from the file on the default branch, so it won't show in the Security tab until this reaches main.
  • Response-time SLAs (5/10 business days) are placeholders — adjust as desired.

Closes #592

🤖 Generated with Claude Code

Add a root-level SECURITY.md covering all app flavors (Android, desktop
for Windows/macOS/Linux, iOS). Documents private vulnerability reporting
via GitHub advisories with k1af@ft8af.app as fallback contact, plus
scope, supported platforms, and upstream coordination for the vendored
ft8_lib DSP core and bundled Hamlib.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@codecov

codecov Bot commented Jul 15, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 29.46%. Comparing base (ff272aa) to head (c7bbf1e).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff            @@
##                dev     #593   +/-   ##
=========================================
  Coverage     29.46%   29.46%           
  Complexity      197      197           
=========================================
  Files           179      179           
  Lines         24106    24106           
  Branches       3263     3263           
=========================================
  Hits           7104     7104           
  Misses        16781    16781           
  Partials        221      221           
Flag Coverage Δ
native 9.93% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@Reid-n0rc

Copy link
Copy Markdown
Collaborator Author

@patrickrb has to enable Private vulnerability reporting

This also needs to be merged into main.

@Reid-n0rc

Copy link
Copy Markdown
Collaborator Author

@patrickrb — security policy for FT8AF, ready for your review. Heads-up: enable Private vulnerability reporting in repo Settings → Security so the reporting flow works, and the policy only surfaces in the Security tab once it reaches main.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant