✦ Sample Prompt
Add a SECURITY.md file to every repository that doesn't already have one.

Use this template:

# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it
responsibly. Do not create a public GitHub issue.

**Email:** [email protected]
**PGP Key:** [link to PGP key if applicable]

We will acknowledge receipt within 48 hours and provide an initial assessment
within 5 business days.

## Supported Versions

| Version  | Supported |
| -------- | --------- |
| Latest   | ✅        |
| < Latest | ❌        |

## Security Updates

Security patches are released as soon as possible after validation.
Subscribe to this repository's releases for notifications.

---

If a SECURITY.md already exists, do not modify it.

The Problem

GitHub displays a "Security" tab on repositories that have a SECURITY.md file. Without it, there's no clear path for anyone (internal or external) to report a vulnerability. Most repos don't have one, and those that do have inconsistent or outdated information.

A standardized security policy is a compliance requirement for most frameworks and a basic security hygiene practice. It takes two minutes to write for one repo and two months to roll out across 500.

What Tidra Does

  1. Checks each repository for an existing SECURITY.md file
  2. If none exists, creates the file with the standardized template
  3. Skips repositories that already have a security policy
  4. Creates PRs with a brief description explaining the addition
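The check-then-create step above, as an added example that is not Tidra's code: it takes each repository's file listing (as `git ls-tree -r --name-only HEAD` prints it) and returns the repos that need a PR, treating a policy in the root, `docs/` or `.github/` as already present so no repo gets a second one. The case-insensitive match and the contact address are assumptions of this example.

```python
"""Plan SECURITY.md additions from repository file listings (added example)."""
from __future__ import annotations

# GitHub looks for a security policy in the repo root, docs/ or .github/.
POLICY_DIRS = ("", "docs/", ".github/")

# Abbreviated copy of the template in the prompt above; the contact address
# is a placeholder to be replaced with the org's real reporting address.
SECURITY_TEMPLATE = """# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it
responsibly. Do not create a public GitHub issue.

**Email:** security@example.com (placeholder)

We will acknowledge receipt within 48 hours and provide an initial assessment
within 5 business days.
"""


def existing_policy(tree: list[str]) -> str | None:
    """Return the path of an existing policy file, or None if the repo has none.

    Matching is case-insensitive on purpose (Security.md, security.MD) so a
    repo that already has a policy is skipped rather than given a duplicate.
    """
    for path in tree:
        lower = path.lower()
        for directory in POLICY_DIRS:
            if lower == f"{directory}security.md":
                return path
    return None


def plan_security_policies(repos: dict[str, list[str]]) -> dict[str, str]:
    """Map each repo lacking a policy to the SECURITY.md content its PR adds."""
    return {name: SECURITY_TEMPLATE for name, tree in repos.items()
            if existing_policy(tree) is None}


if __name__ == "__main__":
    # Constructed sample listings for three repositories.
    sample = {
        "api": ["README.md", "src/main.go"],
        "web": ["README.md", ".github/SECURITY.md"],
        "cli": ["docs/Security.md", "cmd/root.go"],
    }
    for repo in plan_security_policies(sample):
        print(f"open PR in {repo}: add SECURITY.md")
```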

Before & After

SECURITY.md
@@ New file @@
+ # Security Policy
+
+ ## Reporting a Vulnerability
+
+ If you discover a security vulnerability in this project,
+ please report it responsibly. Do not create a public
+ GitHub issue.
+
+ **Email:** [email protected]
+
+ We will acknowledge receipt within 48 hours and provide
+ an initial assessment within 5 business days.
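Review bot: the generated SECURITY.md drops the Supported Versions and Security Updates sections (and the optional PGP Key line) that the template in the prompt above specifies, so the opened PR would not match the standardized policy; either the template or the generated file should be brought in line. The address on the `**Email:**` line also reads as an unfilled placeholder; confirm the org's real reporting address is substituted before PRs are opened, since a policy pointing at a dead mailbox is worse than none.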

Customization Tips

  • Bug bounty: If your org has a bug bounty program, add the program URL and scope to the template.
  • HackerOne / Bugcrowd: Replace the email with a link to your vulnerability disclosure platform if you use one.
  • Internal repos: For internal-only repos, adjust the language to reference internal reporting channels (e.g., Slack, Jira).

Ready to run this across your repos?

Connect your Git provider and Tidra opens pull requests in every repo that needs them.