Merge pull request #225 from oaknational/chore(docs)/readme-and-sec-p…

…olicy
oaknational · Jul 9, 2024 · bce676c · bce676c
2 parents 33c68ac + c591650
commit bce676c
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -2,6 +2,8 @@
 
 # Oak Components
 
+![License: MIT](https://img.shields.io/badge/license-MIT-brightgreen)
+
 ## Overview
 
 This is a React Typescript components library which supports React and Next applications produced by [Oak National Academy](https://www.thenational.academy/). A Storybook for the components can be found [here](https://components.thenational.academy/) please consult 1Password for access.
@@ -112,3 +114,28 @@ Components are organised into a three tier hierarchical structure applying the f
   (eg. `SchoolInputForm`)
 
   NB. these rules are a work in progress. Modifications may be required as the library builds.
+
+## External Contributions
+
+### Security and Bug Bounty
+
+Please see our [security.txt](public/.well-known/security.txt) file.
+
+### Contributing to the Code
+
+We don't currently accept external contributions to the code base, but this is under review and we hope to find an approach the works for us and the community.
+
+## Open Source Acknowledgements
+
+As with all web projects we are dependent on open source libraries maintained by others. While it is not practical to acknowledge them all, we would nevertheless like to express our gratitude for the contributions and efforts of the OSS community. Our dependency list can be found in our [package.json](package.json) file.
+
+## License
+
+Unless stated otherwise, the codebase is released under the [MIT License][mit]. This covers both the codebase and any sample code in the documentation. Where any Oak National Academy trademarks or logos are included, these are not released under the [MIT License][mit], and should be used in line with [Oak National Academy brand guidelines][brand].
+
+Any documentation included is © [Oak National Academy][oak] and available under the terms of the [Open Government Licence v3.0][ogl], except where otherwise stated.
+
+[mit]: LICENCE
+[oak]: https://www.thenational.academy/
+[ogl]: https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
+[brand]: https://support.thenational.academy/using-the-oak-brand
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+We continously update and improve Oak National Academy's product and codebase including patching security vulnerabilities.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| > 1.0.0 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+To report any vulnerability please see our [security.txt](public/.well-known/security.txt) file
diff --git a/public/.well-known/security.txt b/public/.well-known/security.txt
@@ -0,0 +1,46 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+# Oak National Academy - reporting security vulnerabilities to the Oak National team
+
+# Please report any security vulnerabilities to us via the contact method(s) below, only after reading our security disclosure policy.
+Contact: mailto:[email protected]
+Contact: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
+Preferred-Languages: en
+
+# Encrypt your messages to Oak National Academy using the PGP key below
+Encryption: https://www.thenational.academy/.well-known/pgp-key.txt
+Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/E925058764BF1E055A95CFA7971F062051B60B7D
+
+# This security is annually reviewed
+Expires: 2024-07-31T20:59:00.000Z
+
+# Oak National Academy Security Disclosure Policy
+Policy: https://www.thenational.academy/legal/security-disclosure-policy/
+
+# Our security.txt is hosted at the following canonical locations
+Canonical: https://www.thenational.academy/.well-known/security.txt
+
+# Our security acknowledgments page
+Acknowledgments: https://www.thenational.academy/.well-known/security-credits.txt
+
+# We're continually recruiting at Oak National Academy, please visit the link below
+Hiring: https://jobs.thenational.academy
+
+# Please see https://securitytxt.org/ for details of the specification of this file
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE6SUFh2S/HgValc+nlx8GIFG2C30FAmSHDA0ACgkQlx8GIFG2
+C3342w/+K5DuDMWdMGlwfsrMRXZYfrShWpxsHf8IsRC1wd7ZQBdeotXuhWpRw6Rt
+KZYZxwYOutXe2alqM3R2aFveTaIg8gV/zFtfFXQGucr/ggNJ012uIhWlzU9wmMD5
+A0GwTyqMcUXhKNhdMZ5sURuIhqpwT+NE/UJyhfi7aAUATqzws1gZ0gk1ivTzW4dv
+f6hG7ZoKb45S8koEEN5tKRTVGFvjSJcpT59XeNN3Edl0GbjJf7JdgTeDc0DJ54Fc
+be5pI2Zoux0AXWGrYgbVfwFZlUpwRm6f7C+FwzO08dnVpCBlFUqnJEI88w8oczHy
+EocWWj+NLsdbKIoORuvNBLBobL2QqjUwuWGNdMDLey3tQe2Fg2WG9YqlnLUDT9e+
+Lmp1SBjCzFR/t2GfnMpqOecENFJ8fuG64SX4stsSx0PeAcs/Nsv35YL8Xw0iAg/T
+StjzqXgwDLnZFzAtZfdrBPl1Iz04Ozr+146ep0ZZygBFvgiP9rc3yTLzWHDHZQDI
+BUZfOwXUdmzGLX0Zbh2oQ2uNTvCoD4xM3lvF45yVIvzaXP86OqWIO31+FbIhX7aZ
+sWjLghb9wpwVmDB4GVaqByPDJJuRDuyHrGtf/NZ10BcqKgwapWPYxAh6mKpVna/D
+JmCcRRK9J3/IbtPIoAvWgkgQIdQ0Q32HvEl7l62E3gGCLTmc3Bs=
+=Ac16
+-----END PGP SIGNATURE-----