From 14fb6457b5b243f575c0ce34bf40f1e9e01415b6 Mon Sep 17 00:00:00 2001
From: Appu <appu@google.com>
Date: Thu, 22 Feb 2024 10:56:40 -0500
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..30cb358
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If it is not security critical, please open an [issue](https://github.com/GoogleContainerTools/rules_distroless/issues)
+
+If it could be potentially exploited, or you are unsure if it can,
+please report privately via github [(instructions)](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)
+and we will evaluate, fix and publish an advisory as necessary.