From c70b0ef5dcd71a61ae1e98e5e0fdcc4204ecbbe8 Mon Sep 17 00:00:00 2001 From: Samir M Date: Thu, 22 Aug 2024 15:03:17 +0200 Subject: [PATCH] BUILD-6088 Create SECURITY.md --- SECURITY.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..7d9ae90 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,24 @@ +# Reporting Security Issues + +A mature software vulnerability treatment process is a cornerstone of a robust +information security management system. +Contributions from the community play an important role in the evolution and +security of our products, and in safeguarding +the security and privacy of our users. + +If you believe you have discovered a security vulnerability in Sonar's products, +we encourage you to report it immediately. + +To responsibly report a security issue, please email us at [security@sonarsource.com](mailto:security@sonarsource.com). +Sonar’s security team will acknowledge your report, guide you through the next +steps, or request additional information if necessary. +Customers with a support contract can also report the vulnerability directly +through the support channel. + +For security vulnerabilities found in third-party libraries, please also contact +the library's owner or maintainer directly. + +## Responsible Disclosure Policy + +For more information about disclosing a security vulnerability to Sonar, please +refer to our community post: [Responsible Vulnerability Disclosure](https://community.sonarsource.com/t/responsible-vulnerability-disclosure/9317/).
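Review bot: The reporting paragraph in the new SECURITY.md (the line beginning "To responsibly report a security issue") gives only the mailbox. It does not say what a report should contain or when the reporter can expect the acknowledgement it promises. Consider adding a short list of requested details (affected product and version, reproduction steps, observed impact) and an expected response window, so that reports arrive actionable and reporters know when to follow up. It would also help to state explicitly that vulnerabilities should not be filed in the public issue tracker or community forum, since the file currently names the private channels without ruling out the public ones. Style nit: "Sonar's products" uses a straight apostrophe while "Sonar’s security team" uses a typographic one, and the "To responsibly report" line is not wrapped like the surrounding lines.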