feat #179: added Security Policy File (#180)

Signed-off-by: sushant-suse <[email protected]>

Author: sushant-suse

SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+We currently provide security updates only for the latest development on the `main` branch. We recommend all users stay on the most recent commit or release to ensure they have the latest security patches.
+
+## Reporting a Vulnerability
+
+**Please do not open public GitHub issues for security vulnerabilities.**
+
+If you discover a potential security flaw in this project, please report it privately through GitHub's native reporting tool. This allows us to resolve the issue before information is made public, protecting our users.
+
+### How to report?
+
+1. Navigate to the **[Security](https://github.com/openSUSE/docbuild/security)** tab of this repository.
+2. Click **Advisories** in the left sidebar.
+3. Click **Report a vulnerability** to open a private draft advisory.
+
+Using this tool allows us to collaborate on a fix in a private workspace before disclosing the issue publicly.
+
+## Automated Scanning
+
+This repository uses **GitHub CodeQL** to automatically scan for vulnerabilities on every Pull Request. Results are monitored by the maintainers in the "Security" tab.

changelog.d/179.infra.rst

@@ -0,0 +1 @@
+Added a project security policy (SECURITY.md) to define a coordinated disclosure process for reporting vulnerabilities.