Opsec update #2

Merged: saleel merged 2 commits into main from opsec-update, Feb 5, 2026
@randyquaye
Collaborator

No description provided.

Copilot AI left a comment

Pull request overview

This PR adds operational security (opsec) documentation to the Aztec Staking Dashboard repository, establishing clear guidelines for security vulnerability reporting and code ownership.

Changes:

  • Added a comprehensive SECURITY.md file with private vulnerability reporting guidelines and contact information
  • Updated CONTRIBUTING.md to reference the security policy for security-sensitive issues
  • Introduced a CODEOWNERS file to define default code review ownership

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| SECURITY.md | New security policy document defining vulnerability reporting process, email contact, and distinguishing between security and non-security issues |
| CONTRIBUTING.md | Added reference to SECURITY.md for security-sensitive bug reports to ensure proper private disclosure |
| .github/CODEOWNERS | New file establishing @AztecProtocol/sdb-review team as default owners for all repository files |

If you believe a vulnerability is actively being exploited or has severe impact (e.g. loss of funds, key compromise, or broad user impact), please clearly mark the report as **CRITICAL** in the pvr/email subject.

## Reporting Non‑Security Bugs and Feature Requests
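
Review bot: In the CRITICAL paragraph, "pvr/email subject" uses a lowercase abbreviation that these lines never define, so a reporter skimming for instructions may not connect "pvr" to GitHub's Private Vulnerability Reporting form. Suggest spelling it out, for example "in the Private Vulnerability Reporting title or email subject", so the escalation marker is unambiguous on both channels.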

Copilot AI Feb 5, 2026

The heading uses a non-breaking hyphen (U+2011) instead of a standard hyphen. This should be changed to use a regular hyphen for consistency and to avoid potential issues with text processing tools and search functionality.

Suggested change
## Reporting NonSecurity Bugs and Feature Requests
## Reporting Non-Security Bugs and Feature Requests

Copilot uses AI. Check for mistakes.
2. Steps to reproduce (including logs, requests, or PoCs as appropriate)
3. Environment details (browser, OS, network assumptions)

You can also email security@aztec.foundation
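
Review bot: The email alternative on the last line is a bare address, while step 2 just above asks reporters to include logs, requests, or PoCs. Nothing in these lines tells a reporter how to protect that material in transit or which channel is preferred for it. Suggest either stating that sensitive details should go through the private reporting form, or listing a public key next to the address for encrypted mail.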

Copilot AI Feb 5, 2026

This sentence is missing ending punctuation. Add a period at the end for consistency with standard sentence structure.

Suggested change
You can also email security@aztec.foundation
You can also email security@aztec.foundation.

- **Do not** open public GitHub issues or pull requests for suspected security vulnerabilities.

Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub.

Copilot AI Feb 5, 2026

There is a trailing space at the end of this line after "GitHub." which should be removed for clean formatting.

Suggested change
Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub.
Instead, please use the [Private Vulnerability Reporting](https://github.com/AztecProtocol/staking-dashboard/security/advisories/new) process on GitHub.

@saleel saleel closed this Feb 5, 2026
@saleel saleel reopened this Feb 5, 2026
@saleel saleel closed this Feb 5, 2026
@saleel saleel reopened this Feb 5, 2026
@saleel saleel merged commit 8596acc into main Feb 5, 2026
8 checks passed
@saleel saleel deleted the opsec-update branch February 5, 2026 14:15