Stateless Code | Create a RubyGem 91: Add a Security Policy to the Gem @StatelessCode | Uploaded February 2023 | Updated October 2024, 8 hours ago.
In this video, we add a security policy to the NerdDice gem.
Why would you want to set up a security policy? On an open source project, the public can read all your code, normal bugs, and other issues. In the event that a suspected or actual security vulnerability is discovered, you want to be able to provide people with a way to confidentially report these things so that you can investigate and fix those vulnerabilities without having that potential vulnerability published to the public while it is being fixed.
You can also use a security policy to inform your users about which versions of your project are still being supported to receive security updates. In our case we also use it to set expectations of when our support for old minor versions of the gem will sunset.
You can either directly commit the security policy file on GitHub, or you can copy the raw markdown into a file in your code editor and commit it as you would any other code.
Once our security policy gets, merged into master, the security tab gets updated to show that a security policy has been enabled for the project.
This video covers:
00:00:12 Introduction
00:00:50 Look at an example security policy
00:02:14 Use the security tab and click on set up a security policy
00:03:16 Use the GitHub markdown editor to draft the security policy and review results
00:05:31 Paste the raw markdown into a code editor, commit and push
00:07:41 Open and merge pull request
00:08:35 Demonstrate that security policy shows as enabled and close issue
#ruby #rubygems #codecast #screencast #NerdDice #DnD #roleplaying #softwaredevelopment #github #opensource #dice #TDD #maintain #markdown #readme #documentation #security
This video is CC0 - No rights reserved. (YouTube doesn't allow this option when publishing.) All code is released under the UNLICENSE. Stateless Code denies the concept of "intellectual property". Copying is not stealing.
In this video, we add a security policy to the NerdDice gem.
Why would you want to set up a security policy? On an open source project, the public can read all your code, normal bugs, and other issues. In the event that a suspected or actual security vulnerability is discovered, you want to be able to provide people with a way to confidentially report these things so that you can investigate and fix those vulnerabilities without having that potential vulnerability published to the public while it is being fixed.
You can also use a security policy to inform your users about which versions of your project are still being supported to receive security updates. In our case we also use it to set expectations of when our support for old minor versions of the gem will sunset.
You can either directly commit the security policy file on GitHub, or you can copy the raw markdown into a file in your code editor and commit it as you would any other code.
Once our security policy gets, merged into master, the security tab gets updated to show that a security policy has been enabled for the project.
This video covers:
00:00:12 Introduction
00:00:50 Look at an example security policy
00:02:14 Use the security tab and click on set up a security policy
00:03:16 Use the GitHub markdown editor to draft the security policy and review results
00:05:31 Paste the raw markdown into a code editor, commit and push
00:07:41 Open and merge pull request
00:08:35 Demonstrate that security policy shows as enabled and close issue
#ruby #rubygems #codecast #screencast #NerdDice #DnD #roleplaying #softwaredevelopment #github #opensource #dice #TDD #maintain #markdown #readme #documentation #security
This video is CC0 - No rights reserved. (YouTube doesn't allow this option when publishing.) All code is released under the UNLICENSE. Stateless Code denies the concept of "intellectual property". Copying is not stealing.
