From 615518e4257f38017949f39f398dd06bade0acf3 Mon Sep 17 00:00:00 2001
From: mtpoly <128363128+mt-polygon-technology@users.noreply.github.com>
Date: Fri, 1 Mar 2024 17:11:31 +0100
Subject: [PATCH 1/4] Create SECURITY.md
---
 SECURITY.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..d8e87e74e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Polygon Technology Security Information
+
+## Link to vulnerability disclosure details (Bug Bounty).
+- Websites and Applications: https://hackerone.com/polygon-technology
+- Smart Contracts: https://immunefi.com/bounty/polygon
+
+## Languages that our team speaks and understands.
+Preferred-Languages: en
+
+## Security-related job openings at Polygon.
+https://polygon.technology/careers
+
+## Polygon security contact details.
+security@polygon.technology
+
+## The URL for accessing the security.txt file.
+Canonical: https://polygon.technology/security.txt
From c727de6406617a346e2bb2dc2157192ab91b4291 Mon Sep 17 00:00:00 2001
From: mtpoly <128363128+mt-polygon-technology@users.noreply.github.com>
Date: Fri, 1 Mar 2024 17:14:48 +0100
Subject: [PATCH 2/4] Create sonar-project.properties
---
 sonar-project.properties | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 sonar-project.properties
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..6e94ed9ae
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,2 @@
+sonar.projectKey=0xPolygonHermez_zkevm-contracts
+sonar.organization=0xPolygonHermez
From e1e5a4afadc6768d04197ce18b125b5698efe147 Mon Sep 17 00:00:00 2001
From: mtpoly <128363128+mt-polygon-technology@users.noreply.github.com>
Date: Fri, 1 Mar 2024 17:15:18 +0100
Subject: [PATCH 3/4] Create security-build.yml
---
 .github/workflows/security-build.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/security-build.yml
diff --git a/.github/workflows/security-build.yml b/.github/workflows/security-build.yml
new file mode 100644
index 000000000..b62850d11
--- /dev/null
+++ b/.github/workflows/security-build.yml
@@ -0,0 +1,24 @@
+name: Security Build
+on:
+ push:
+ branches:
+ - main # or the name of your main and preffered branches
+ - dev
+ - staging # or the name of your main and preffered branches
+ workflow_dispatch: {}
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ sonarcloud:
+ name: SonarCloud
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: SonarCloud Scan
+ uses: SonarSource/sonarcloud-github-action@master
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
From 4c1971bf18d4999a8213974b918da0471c7cadda Mon Sep 17 00:00:00 2001
From: mtpoly <128363128+mt-polygon-technology@users.noreply.github.com>
Date: Wed, 13 Mar 2024 16:39:41 +0100
Subject: [PATCH 4/4] Update sonar-project.properties
---
 sonar-project.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sonar-project.properties b/sonar-project.properties
index 6e94ed9ae..db5286720 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,2 +1,2 @@
 sonar.projectKey=0xPolygonHermez_zkevm-contracts
-sonar.organization=0xPolygonHermez
+sonar.organization=0xpolygonhermez
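Review bot: In the `.github/workflows/security-build.yml` hunk (PATCH 3/4), the scan step runs `SonarSource/sonarcloud-github-action@master`, a mutable branch ref, in the same step that receives `SONAR_TOKEN` and `GITHUB_TOKEN`, so whatever that branch points to at run time executes with both secrets. Pin it to a full commit SHA with the release noted in a comment, `uses: SonarSource/sonarcloud-github-action@<full-commit-sha> # <release-tag>`, and do the same for `actions/checkout@v3`. The workflow also sets no `permissions:` key, so the job token gets the repository default scope; a top-level `permissions:` with `contents: read` makes least privilege explicit, adding `pull-requests: read` only if the scan turns out to need it. Note that `pull_request` runs from forks do not receive `SONAR_TOKEN`, so the step will presumably fail there unless it is skipped for fork PRs.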