diff --git a/gulpfile.js b/gulpfile.js
index 15be24403..9b3aa2ddc 100644
--- a/gulpfile.js
+++ b/gulpfile.js
@@ -189,7 +189,7 @@ task("sass", function () {
 });
 task("static", function () {
- return src("./static/**/*").pipe(dest("./dist/"));
+ return src("./static/**/*", { dot: true }).pipe(dest("./dist/"));
 });
 //copies refactored js files to dist/gen so that they can be required by dist/gen/index.js
diff --git a/static/.well-known/security.txt b/static/.well-known/security.txt
new file mode 100644
index 000000000..6b5246f3d
--- /dev/null
+++ b/static/.well-known/security.txt
@@ -0,0 +1,6 @@
+Contact: mailto:jack@monkeytype.com
+Contact: message @Miodec on discord.gg/monkeytype
+Expires: 2022-06-03T21:00:00.000Z
+Preferred-Languages: en
+Canonical: https://monkeytype.com/.well-known/security.txt
+Policy: https://monkeytype.com/security-policy
diff --git a/static/index.html b/static/index.html
index bbc0b6900..c114ba8f0 100644
--- a/static/index.html
+++ b/static/index.html
@@ -4266,6 +4266,10 @@ Donate +
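Review bot: `{ dot: true }` on `./static/**/*` makes the `static` task copy every dotfile under `static/` into `dist/`, not only the new `.well-known/` directory. Anything that later lands in that tree (an `.env`, an `.htaccess`, editor or OS metadata files) would then be published with the site. Keeping the default glob and naming the directory explicitly narrows this to the intended path: `return src(["./static/**/*", "./static/.well-known/**/*"], { base: "./static" }).pipe(dest("./dist/"));`. A short comment on the task saying why dot-directories are included would also help the next maintainer.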
+ Monkeytype takes the security of its platform seriously. If you are a
+ security researcher and have found a vulnerability, we would like to
+ work with you to remediate the issue.
+
+Table of Contents
+ + + ++ For vulnerabilities that impact the confidentiality, integrity and + availability of monkeytype services, please send your disclosure via + (1) + mail + , or (2) private discord chat to + miodec + . For non-security related platform bugs, follow the bug submission + + guidelines + + .Include as much detail as possible to ensure reproducibility. At a + minimum, vulnerability disclosures should include: +
++ Do not engage in activities that might cause a denial of service + condition, create significant strains on critical resources, or + negatively impact users of the site outside of test accounts. +
+