From c816186ef5f7fa545eb3bf1cbd71332e3400be63 Mon Sep 17 00:00:00 2001
From: Zied ABID <zied.abid@jobteaser.com>
Date: Mon, 21 Jul 2025 06:21:06 +0200
Subject: [PATCH] feat(internal): Add security policy

Signed-off-by: Zied ABID <zied.abid@jobteaser.com>
---
 SECURITY.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..89640235fe
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+For details on all Community supported versions of CloudNativePG, please refer to the
+["Supported releases" section in the official documentation](https://cloudnative-pg.io/documentation/current/supported_releases/).
+
+## Reporting a Vulnerability
+
+To make a report, send an email containing the details of the vulnerability to
+security@cloudnative-pg.io (an alias to a private mailing list in Google Groups
+containing just the maintainers of the project). Private disclosure of a potential
+vulnerability is important. The maintainers will reply acknowledging the report,
+and decide whether to keep it private or publicly disclose it.
+
+CloudNativePG relies on the
+[GitHub infrastructure to manage security advisories and manage vulnerabilities](https://github.com/cloudnative-pg/cloudnative-pg/security).