Create SECURITY.md

[djmartberry66]

Pull-Request Template

Thank you for your contribution! Please provide a brief description of your changes and ensure you've completed the checklist below.

Description

What does this PR do? Why is it necessary?

Fixes # (if applicable)

Checklist

• Contribution Guidelines: I have read the Contribution Guidelines.
• CLA: I have signed the CLA.
• Authorship: I am listed as the author (if applicable).
• Conventional Commits: My PR title and commit messages follow the Conventional Commits spec.
• Code Format: I have run nox -s format to format the code.
• Spelling: I have fixed any spelling errors, and added false positives to .github/actions/spelling/allow.txt if necessary.
• Template: I have followed the aaie_notebook_template.ipynb if submitting a new jupyter notbook.
• Sync: My Fork is synced with the upstream.
• Documentations: I have updated relevant documentations (if applicable) in the docs folder.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[gemini-code-assist]

Summary of Changes

Hello @djmartberry66, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a dedicated SECURITY.md file to the repository. This file serves as a central resource for users and contributors to understand the project's security posture, including which versions receive security support and the established process for reporting potential vulnerabilities. The addition aims to formalize security communication and streamline the reporting mechanism.

Highlights

• New Security Policy Document: A new SECURITY.md file has been added to the repository.
• Vulnerability Reporting Guidelines: The new file outlines how users can report security vulnerabilities.
• Supported Versions Information: It includes a section to inform users about which project versions are currently supported with security updates.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a SECURITY.md file, which is an important addition for any project. However, the current content is a placeholder template and lacks the specific details for this repository. I've added comments to highlight the sections that need to be filled out with your project's actual security policy, such as supported versions and the vulnerability reporting process. Completing these sections is crucial for the file to be effective.

[gemini-code-assist]

This table appears to use example versions. Please replace them with the actual versions of this project that receive security support. If your project doesn't use this versioning scheme, please clarify what is and isn't supported.

[gemini-code-assist]

This section contains placeholder text and needs to be replaced with a concrete process for reporting vulnerabilities. Providing clear instructions is essential to ensure vulnerabilities are disclosed responsibly and privately. Please specify where to report issues (e.g., a security email address or GitHub's private vulnerability reporting) and what reporters can expect in terms of a response.

Suggested change

	Use this section to tell people how to report a vulnerability.
	Tell them where to go, how often they can expect to get an update on a
	reported vulnerability, what to expect if the vulnerability is accepted or
	declined, etc.
	We take security vulnerabilities seriously. Please report any security issues you find via GitHub's private vulnerability reporting feature.
	You can submit a report [here](https://github.com/GoogleCloudPlatform/applied-ai-engineering-samples/security/advisories/new).
	We aim to acknowledge reports within 3 business days and will keep you informed of our progress. We appreciate your help in disclosing issues responsibly.