Skip to content

feat: Add SECURITY.md template for terraform_module repos (#225) #231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
akuzminsky merged 2 commits into from
Jan 16, 2026
Merged

feat: Add SECURITY.md template for terraform_module repos (#225) #231

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2ef40c6
feat: Add SECURITY.md template for terraform_module repos (#225)
akuzminsky Jan 16, 2026
97f5a25
fix: Remove unused source block from pages config to prevent drift
akuzminsky Jan 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions modules/plain-repo/files/SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# Security Policy

## Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in this project, please report it responsibly.

**Please DO NOT create a public GitHub issue for security vulnerabilities.**

### How to Report

Send an email to **security@infrahouse.com** with:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

### What to Expect

- **Acknowledgment:** Within 48 hours of your report
- **Initial Assessment:** Within 5 business days
- **Resolution Timeline:** Depends on severity, typically 30-90 days

### Scope

This policy applies to:

- The Terraform module code in this repository
- Associated documentation and examples

### Out of Scope

- Issues in upstream dependencies (report to respective maintainers)
- Issues in AWS services (report to AWS)

## Security Best Practices

When using this module:

- Follow the principle of least privilege for IAM roles
- Enable encryption at rest and in transit where applicable
- Review the module's security group and IAM policy configurations
- Keep the module updated to the latest version

## Supported Versions

We provide security updates for the latest major version only.

| Version | Supported |
| ------- | ------------------ |
| Latest | :white_check_mark: |
| Older | :x: |
12 changes: 12 additions & 0 deletions modules/plain-repo/repos-files.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,18 @@ resource "github_repository_file" "release_workflow" {
overwrite_on_create = true
}

resource "github_repository_file" "security_md" {
count = var.repo_type == "terraform_module" ? 1 : 0
depends_on = [
github_repository_ruleset.main
]
repository = github_repository.repo.name
file = "SECURITY.md"
content = file("${path.module}/files/SECURITY.md")
commit_message = "Add SECURITY.md"
overwrite_on_create = true
}

resource "github_repository_file" "docs_index" {
count = var.repo_type == "terraform_module" ? 1 : 0
depends_on = [
Expand Down
4 changes: 0 additions & 4 deletions modules/plain-repo/repos.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,6 @@ resource "github_repository" "repo" {
for_each = var.enable_pages ? [1] : []
content {
build_type = "workflow"
source {
branch = "main"
path = "/"
}
}
}
}
Expand Down