From 13d938cd30931208ac516df2a751a015f1849d28 Mon Sep 17 00:00:00 2001
From: Serhii Donii <serhii.donii@macpaw.com>
Date: Tue, 2 Apr 2024 19:10:26 +0300
Subject: [PATCH 1/2] ORC-1020: Publish template packages to packagist - add
 security check

---
 .github/workflows/security.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/workflows/security.yaml

diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
new file mode 100644
index 0000000..248d5d0
--- /dev/null
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,24 @@
+on:
+  pull_request:
+  push:
+    branches: [ main, develop ]
+
+jobs:
+  security-checker:
+    name: Security checker
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+
+      - name: Install dependencies
+        run: composer install --no-progress --no-interaction --prefer-dist
+
+      - name: Download local-php-security-checker
+        run: curl -s -L -o local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v1.0.0/local-php-security-checker_1.0.0_linux_amd64
+
+      - name: Run local-php-security-checker
+        run: chmod +x local-php-security-checker && ./local-php-security-checker

From e26aff4a3815abf3eb0c45be517a9198ec8d380f Mon Sep 17 00:00:00 2001
From: Serhii Donii <serhii.donii@macpaw.com>
Date: Wed, 3 Apr 2024 17:41:20 +0300
Subject: [PATCH 2/2] ORC-1020: Publish template packages to packagist - add
 security check

---
 SECURITY.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..0b6878f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Policy
+
+## Reporting Security Issues
+If you believe you have found a security vulnerability in any MacPaw-owned repository, please report it to us through coordinated disclosure.
+
+Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
+
+Instead, please send an email to security[@]macpaw.com.
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+## Policy
+See MacPaw's [Vulnerability Disclosure Policy](https://macpaw.com/vulnerability-disclosure-policy)