Merge pull request #709 from KelvinTegelaar/dev

Pushing Dev to Release

Author: KelvinTegelaar

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+---
+# These are supported funding model platforms
+
+github: [kelvintegelaar]

.github/workflows/Node_Project_Check.yml

@@ -3,17 +3,15 @@ name: NodeJS Project Check
 on:  # yamllint disable-line rule:truthy
   push:
     branches:
-      - master
       - main
-      - react
+      - dev
   pull_request:
     branches:
-      - master
       - main
-      - react
+      - dev
 concurrency:
   group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
-  cancel-in-progress: true
+  cancel-in-progress: false
 jobs:
   install-build:
     name: NPM Install and Build

.vscode/extensions.json

@@ -0,0 +1,10 @@
+{
+  "recommendations": [
+    "github.vscode-codeql",
+    "dbaeumer.vscode-eslint",
+    "eg2.vscode-npm-script",
+    "christian-kohler.npm-intellisense",
+    "esbenp.prettier-vscode",
+    "stylelint.vscode-stylelint"
+  ]
+}

SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+The current [release](https://github.com/KelvinTegelaar/CIPP/releases) is the only "supported version" and should not have any security bugs. However if you find a security issue in an older release feel free to also report this in case of regression, We'd rather know we made a mistake at one point in time and avoid that in the future.
+
+## Reporting a Vulnerability
+
+Reporting a vulnerability is best done by emailing [[email protected]](mailto:[email protected]?subject=CIPP Security Issue) but you can also message an admin directly on the CyberDrain Discord. All relevant contributors will be alerted and can discuss the issue in private and address it if appropriate. It will help in making the fix available as soon as possible without endangering other users of the product.
+
+We will publicly release any security report after the resolution, including all communications. If you would rather have only the bug report public, please let us know in the report.
+
+## Notifications and security advisories
+
+We report any security notification via the GitHub notification and advisory system. Sponsors that are hosted will also receive a notification in case a major bug has been found.
+
+## Bounties and Rewards
+
+This project is an open-source sponsorware effort, which makes it hard to create a monetary reward without breaking the bank very quickly. for *critical* level bugs, that cause RCE/API data leaks/etc I will award a 50 dollar reward. For other bugs, I potentially am able to reward with some swag such as an official CyberDrain T-shirt or hoodie :)